FIX Use the wrong logo size on PDF

Conflicts:
	htdocs/core/class/utils.class.php

.stickler.yml

@@ -0,0 +1,10 @@
+---
+linters:
+  phpcs:
+      standard: 'dev/setup/codesniffer/ruleset.xml'
+      extensions: 'php'
+      tab_width: 4
+      fixer: true
+
+fixers:
+    enable: true

.travis.yml

@@ -3,6 +3,7 @@
 # For syntax, see http://about.travis-ci.org/docs/user/languages/php/
 
 # We use dist: trusty to have php 5.4+ available
+os: linux
 dist: trusty
 sudo: required
 
@@ -119,6 +120,7 @@ install:
   composer self-update
   composer -n init
   composer -n config vendor-dir htdocs/includes
+  composer -n config -g vendor-dir htdocs/includes
   echo
 
 - |
@@ -299,7 +301,7 @@ script:
   # Ensure we catch errors
   set -e
   #parallel-lint --exclude htdocs/includes --blame .
-  parallel-lint --exclude htdocs/includes/sabre --exclude htdocs/includes/phpoffice/phpexcel/Classes/PHPExcel/Shared --exclude htdocs/includes/sebastian --exclude htdocs/includes/squizlabs/php_codesniffer/tests --exclude htdocs/includes/jakub-onderka/php-parallel-lint/tests --exclude htdocs/includes/mike42/escpos-php/example --exclude htdocs/includes/phpunit/php-token-stream/tests --exclude htdocs/includes/composer/autoload_static.php --blame .
+  parallel-lint --exclude htdocs/includes/myclabs --exclude htdocs/includes/webmozart --exclude htdocs/includes/phpspec --exclude htdocs/includes/sabre --exclude htdocs/includes/phpoffice/phpexcel/Classes/PHPExcel/Shared --exclude htdocs/includes/sebastian --exclude htdocs/includes/squizlabs/php_codesniffer/tests --exclude htdocs/includes/jakub-onderka/php-parallel-lint/tests --exclude htdocs/includes/mike42/escpos-php/example --exclude htdocs/includes/phpunit/php-token-stream/tests --exclude htdocs/includes/composer/autoload_static.php --blame .
   set +e
   echo
 

ChangeLog

@@ -3,6 +3,56 @@ English Dolibarr ChangeLog
 --------------------------------------------------------------
 
 
+***** ChangeLog for 9.0.4 compared to 9.0.3 *****
+FIX: #5249
+FIX: #11025
+FIX: #11032
+FIX: #11097
+FIX: #11169
+FIX: #11202
+FIX: #11244
+FIX: #11296
+FIX: #11316
+FIX: #11335
+FIX: Add missing end date of subscription in export
+FIX: A user may read holiday and expense report without permissions
+FIX: better syntax
+FIX: condition
+FIX: confirmation of mass email sending + option MAILING_NO_USING_PHPMAIL
+FIX: crabe pdf: bad detailed VAT for situation invoices, in situations S2 and above
+FIX: default value for duration of validity can be set from generic
+FIX: do not include tpl from disabled modules
+FIX: Error management when MAILING_NO_USING_PHPMAIL is set
+FIX: Even with permission, can't validate leave once validator defined.
+FIX: extrafield list search: SQL error when field is multiselect
+FIX: if last char of customercode is accent making the truncate of first
+FIX: Import of chart of account
+FIX: in edit mode, dictionary inputs do not escape the string inside the 'value' attribute, causing errors if there are any double quotes
+FIX: invalid link on user.fk_user
+FIX: invoice class: bad SQL request if product type not set
+FIX: javascript error when ckeditor module not enabled
+FIX: mail presend: can overwrite a file previously uploaded (Issue #11056)
+FIX: mass send mail
+FIX: missing compatibility with multicompany transverse mode
+FIX: missing llx_const encrypt
+FIX: modulebuilder: hardcoded llx_
+FIX: Not showing Contract and Project columns on ficheinter list
+FIX: only profid1 to 4 were editable for pdf option to show. Not 5 and 6.
+FIX: productaccount buylist with pages
+FIX: remove isolated transaction commit
+FIX: security (a user can read leave or holiday of other without perm.
+FIX: situation invoices: bad detailed VAT in situations following the first one
+FIX: situation invoices: block progress percentage change for discount lines
+FIX: syntax error
+FIX: the id was not loaded in fetch of accounting system
+FIX: try to use WHERE EXISTS instead of DISTINCT
+FIX: use dol_sanitizeFileName() function to remove double spaces in filenames, as well as done on document.php when we want to download pdf
+FIX: Use of cron with multicompany
+FIX: var name
+FIX: we need to fetch fourn invoice with ref in current entity
+FIX: Wrong stock movement on supplier credit notes
+FIX: Import of record in ledger
+
 ***** ChangeLog for 9.0.3 compared to 9.0.2 *****
 FIX: #11013
 FIX: #11041
@@ -255,6 +305,125 @@ Following changes may create regressions for some external modules, but were nec
 * Remove the no more used and deprecated dol_print_graph function
 
 
+***** ChangeLog for 8.0.6 compared to 8.0.5 *****
+FIX: #11244
+FIX: #11316
+FIX: Add missing end date of subscription in export
+FIX: A user may read holiday and expense report without permissions
+FIX: better syntax
+FIX: condition
+FIX: confirmation of mass email sending + option MAILING_NO_USING_PHPMAIL
+FIX: crabe pdf: bad detailed VAT for situation invoices, in situations S2 and above
+FIX: default value for duration of validity can be set from generic
+FIX: do not include tpl from disabled modules
+FIX: Error management when MAILING_NO_USING_PHPMAIL is set
+FIX: Even with permission, can't validate leave once validator defined.
+FIX: extrafield list search: SQL error when field is multiselect
+FIX: if last char of customercode is accent making the truncate of first
+FIX: in edit mode, dictionary inputs do not escape the string inside the 'value' attribute, causing errors if there are any double quotes
+FIX: invalid link on user.fk_user
+FIX: invoice class: bad SQL request if product type not set
+FIX: mail presend: can overwrite a file previously uploaded
+FIX: mail presend: can overwrite a file previously uploaded (Issue #11056)
+FIX: mass send mail
+FIX: missing compatibility with multicompany transverse mode
+FIX: modulebuilder: hardcoded llx_
+FIX: Not showing Contract and Project columns on ficheinter list
+FIX: remove isolated transaction commit
+FIX: security (a user can read leave or holiday of other without perm.
+FIX: situation invoices: bad detailed VAT in situations following the first one
+FIX: situation invoices: block progress percentage change for discount lines
+FIX: syntax error
+FIX: try to use WHERE EXISTS instead DISTINCT
+FIX: use dol_sanitizeFileName() function to remove double spaces in filenames, as well as done on document.php when we want to download pdf
+FIX: var name
+FIX: we need to fetch fourn invoice with ref in current entity
+FIX: Wrong stock movement on supplier credit notes
+
+***** ChangeLog for 8.0.5 compared to 8.0.4 *****
+FIX: #10381
+FIX: #10460 compatibility with MariaDB 10.4
+FIX: #11025
+FIX: Accountancy - Add transaction with multicompany use all the time 1st entity
+FIX: Accountancy - Format EBP import
+FIX: actioncomm export: ORDER BY clause is in wrong export property + event type filter does not work
+FIX: actioncomm: sort events by date after external calendars and hook
+FIX: action list: add printFieldListSelect and printFieldListWhere hooks
+FIX: add fk_unit on addline action
+FIX: avoid php warning
+FIX: bad sql request
+FIX: better method
+FIX: better test
+FIX: better test on fetch
+FIX: broken external authentication module feature and avoid warning
+FIX: Can not create contract with numbering module without autogen rule
+FIX: can't add lines on invoices
+FIX: Can't generate invoice pdf
+FIX: Can't insert if there is extrafields mandatory on another entity.
+FIX: Can't insert if there is extrafields mandatory on another entity. FIX: Can't set default value of extrafield of type varchar
+FIX: Check for old picture name if the new one was not found
+FIX: Civility not saved when creating a member.
+FIX: $conf->fournisseur->commande->enabled doesn't exist, we must use $conf->fournisseur->enabled
+FIX: could not create several superadmin in transversal mode
+FIX: credit note can have negative value
+FIX: Default value on sales representative on third party creation
+FIX: Don't show journal:getNomUrl without data
+FIX: Erreur dans le Total
+FIX: error messages not displayed
+FIX: expedition: reset status on rollback + replace hardcoded status with const
+FIX: Fix PHP warning "count(): Parameter must be an array..."
+FIX: fk_default_warehouse missing in group by
+FIX: function sendEmailsReminder isn't completely developed, then MAIN_FEATURES_LEVEL must be 2 to "use" it
+FIX: holidays get natural_search if search params are set only
+FIX: if empty error message, we just see "error" displayed
+FIX: if(!method_exists(dol_loginfunction))
+FIX: If we build one invoice for several orders, we must put the ref of order on the line to not lose information.
+FIX: in fact expensereport must be in $check array
+FIX: Interface regression for bind people. Fix option MAIN_OPTIMIZEFORTEXTBROWSER
+FIX: line edit template: keep fk_parent_line
+FIX: Loan impossible to account
+FIX: Mark credit note as available for credit note in other currency
+FIX: missing access security checking with multicompany
+FIX: missing entity filter and wrong var name
+FIX: missing entity filter in function "build_filterField()" (export)
+FIX: Missing field in import/export of users
+FIX: missing hook completeTabsHead in margins module
+FIX: missing $ismultientitymanaged for previous/next ref
+FIX: Missing province in export of invoice
+FIX: multicompany compatibility
+FIX: must fetch member in current entity
+FIX: need an order by in case we found other invoice with same number but not same date
+FIX: need to round with 2 decimals to avoid movements not correctly balanced
+FIX: no need to test anything to display documents tabs on expense report
+FIX: positive values creating diff on addline rounding
+FIX: problem with multicompany transverse mode
+FIX: Product accountancey sell intra code must be visible if main feature level 1
+FIX: project_title for display of getNomUrl()
+FIX: quick search for supplier orders
+FIX: Remane of project
+FIX: same thing here
+FIX: Selection of email recipient with option MAIN_OPTIMIZEFORTEXTBROWSER
+FIX: several hooks in shipping/delivery cards
+FIX: shipping default warehouse if only one warehouse
+FIX: SQL injection on rowid of dict.php
+FIX: 'statut' is ignored when updating a user with the REST API.
+FIX: supplier invoice payment total dont care about deposit or credit
+FIX: supplier invoice product stats total ht is line total not invoice total
+FIX: The minimum amount filter does not work in the VAT report per customer
+FIX: Total per day shows 00:00 if the total time spent is equal to 12:00
+FIX: Update/delete currency on same languages
+FIX: [URGENT] broken feature, "$usercancreate" is for Dolibarr 9
+FIX: useless join
+FIX: we need to keep originline special_code
+FIX: we want to be able to reopen fourn credit note
+FIX: when 2 extra fields are mandatory in 2 different entities
+FIX: when we add a payment on an invoice which already has payments with credit note or deposit amount, and then we get an excess received, discount amount must be $total_paiements + $total_creditnote_and_deposit - $object->total_ttc;
+FIX: when we create deposit with multi tva, we mustn't add line if amount = 0 (example when we have a 100% reduc on one of origin invoice line)
+FIX: wrong redirect link on holiday refuse
+FIX: wrong test enabled
+FIX: Wrong variable name
+FIX: XSS
+
 ***** ChangeLog for 8.0.4 compared to 8.0.3 *****
 FIX: #10030 better german chart
 FIX: #10036

build/generate_filelist_xml.php

@@ -72,7 +72,7 @@ while ($i < $argc)
 
 if (empty($release))
 {
-	print "Error: Missing release paramater\n";
+	print "Error: Missing release parameter\n";
 	print "Usage: ".$script_file." release=autostable|auto[-mybuild]|x.y.z[-mybuild] [includecustom=1] [includeconstant=CC:MY_CONF_NAME:value]\n";
 	exit -1;
 }
@@ -121,6 +121,7 @@ else
 }
 
 print "Release                        : ".$release."\n";
+print "Working on files into          : ".DOL_DOCUMENT_ROOT."\n";
 print "Include custom in signature    : ".$includecustom."\n";
 print "Include constants in signature : ";
 foreach ($includeconstants as $countrycode => $tmp)
@@ -163,7 +164,7 @@ $iterator1 = new RecursiveIteratorIterator($dir_iterator1);
 // Need to ignore document custom etc. Note: this also ignore natively symbolic links.
 $files = new RegexIterator($iterator1, '#^(?:[A-Z]:)?(?:/(?!(?:'.($includecustom?'':'custom\/|').'documents\/|conf\/|install\/))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
 */
-$regextoinclude='\.(php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$';
+$regextoinclude='\.(php|php3|php4|php5|phtml|phps|phar|inc|css|scss|html|xml|js|json|tpl|jpg|jpeg|png|gif|ico|sql|lang|txt|yml|md|mp3|mp4|wav|mkv|z|gz|zip|rar|tar|less|svg|eot|woff|woff2|ttf|manifest)$';
 $regextoexclude='('.($includecustom?'':'custom|').'documents|conf|install|public\/test|Shared\/PCLZip|nusoap\/lib\/Mail|php\/example|php\/test|geoip\/sample.*\.php|ckeditor\/samples|ckeditor\/adapters)$';  // Exclude dirs
 $files = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, $regextoinclude, $regextoexclude, 'fullname');
 $dir='';

build/makepack-dolibarr.pl

@@ -361,12 +361,12 @@ if ($nboftargetok) {
 		}
 		if (! $BUILD || $BUILD eq '0-rc')	# For a major version
 		{
-			print 'cd ~/git/dolibarr_'.$MAJOR.'.'.$MINOR.'; git log `git rev-list --boundary '.$MAJOR.'.'.$MINOR.'..origin/develop | grep ^- | cut -c2- | head -n 1`.. --no-merges --pretty=short --oneline | sed -e "s/^[0-9a-z]* //" | grep -e \'^FIX\|NEW\' | sort -u | sed \'s/FIXED:/FIX:/g\' | sed \'s/FIXED :/FIX:/g\' | sed \'s/FIX :/FIX:/g\' | sed \'s/FIX /FIX: /g\' | sed \'s/NEW :/NEW:/g\' | sed \'s/NEW /NEW: /g\' > /tmp/aaa';
+			print 'cd ~/git/dolibarr_'.$MAJOR.'.'.$MINOR.'; git log `git rev-list --boundary '.$MAJOR.'.'.$MINOR.'..origin/develop | grep ^- | cut -c2- | head -n 1`.. --no-merges --pretty=short --oneline | sed -e "s/^[0-9a-z]* //" | grep -e \'^FIX\|NEW\|CLOSE\' | sort -u | sed \'s/FIXED:/FIX:/g\' | sed \'s/FIXED :/FIX:/g\' | sed \'s/FIX :/FIX:/g\' | sed \'s/FIX /FIX: /g\' | sed \'s/NEW :/NEW:/g\' | sed \'s/NEW /NEW: /g\' > /tmp/aaa';
 		}
 		else			# For a maintenance release
 		{
 			#print 'cd ~/git/dolibarr_'.$MAJOR.'.'.$MINOR.'; git log '.$MAJOR.'.'.$MINOR.'.'.($BUILD-1).'.. --no-merges --pretty=short --oneline | sed -e "s/^[0-9a-z]* //" | grep -e \'^FIX\|NEW\' | sort -u | sed \'s/FIXED:/FIX:/g\' | sed \'s/FIXED :/FIX:/g\' | sed \'s/FIX :/FIX:/g\' | sed \'s/FIX /FIX: /g\' | sed \'s/NEW :/NEW:/g\' | sed \'s/NEW /NEW: /g\' > /tmp/aaa';
-			print 'cd ~/git/dolibarr_'.$MAJOR.'.'.$MINOR.'; git log '.$MAJOR.'.'.$MINOR.'.'.($BUILD-1).'.. | grep -v "Merge branch" | grep -v "Merge pull" | grep "^ " | sed -e "s/^[0-9a-z]* *//" | grep -e \'^FIX\|NEW\' | sort -u | sed \'s/FIXED:/FIX:/g\' | sed \'s/FIXED :/FIX:/g\' | sed \'s/FIX :/FIX:/g\' | sed \'s/FIX /FIX: /g\' | sed \'s/NEW :/NEW:/g\' | sed \'s/NEW /NEW: /g\' > /tmp/aaa';
+			print 'cd ~/git/dolibarr_'.$MAJOR.'.'.$MINOR.'; git log '.$MAJOR.'.'.$MINOR.'.'.($BUILD-1).'.. | grep -v "Merge branch" | grep -v "Merge pull" | grep "^ " | sed -e "s/^[0-9a-z]* *//" | grep -e \'^FIX\|NEW\|CLOSE\' | sort -u | sed \'s/FIXED:/FIX:/g\' | sed \'s/FIXED :/FIX:/g\' | sed \'s/FIX :/FIX:/g\' | sed \'s/FIX /FIX: /g\' | sed \'s/NEW :/NEW:/g\' | sed \'s/NEW /NEW: /g\' > /tmp/aaa';
 			
 		}
 		print "\n";
@@ -387,6 +387,8 @@ if ($nboftargetok) {
 	#-----------------------
 	if ($CHOOSEDTARGET{'-CHKSUM'})
 	{
+		chdir("$SOURCE");
+
 		$ret=`git ls-files . --exclude-standard --others`;
 		if ($ret)
 		{

htdocs/accountancy/admin/productaccount.php

@@ -279,7 +279,8 @@ if ($result)
     if ($search_desc > 0) $param.="&search_desc=".urlencode($search_desc);
     if ($search_current_account > 0) $param.="&search_current_account=".urlencode($search_current_account);
     if ($search_current_account_valid && $search_current_account_valid != '-1') $param.="&search_current_account_valid=".urlencode($search_current_account_valid);
-
+    if ($accounting_product_mode) $param.="&accounting_product_mode=".urlencode($accounting_product_mode);
+    
     print '<form action="' . $_SERVER["PHP_SELF"] . '" method="post">';
     if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';

htdocs/accountancy/bookkeeping/balance.php

@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2016       Olivier Geffroy         <jeff@jeffinfo.com>
  * Copyright (C) 2016       Florian Henry           <florian.henry@open-concept.pro>
- * Copyright (C) 2016-2018  Alexandre Spangaro      <aspangaro@zendsi.com>
+ * Copyright (C) 2016-2019  Alexandre Spangaro      <aspangaro@open-dsi.fr>
  * Copyright (C) 2018       Frédéric France         <frederic.france@netlogic.fr>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -164,7 +164,7 @@ if ($action == 'export_csv')
 		print $object->get_compte_desc($line->numero_compte) . $sep;
 		print price($line->debit) . $sep;
 		print price($line->credit) . $sep;
-		print price($line->credit - $line->debit) . $sep;
+		print price($line->debit - $line->credit) . $sep;
 		print "\n";
 	}
 
@@ -235,7 +235,7 @@ if ($action != 'export_csv')
 	print $langs->trans('to');
 	print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', 1, array(), 1, 1, '');
 	print '</td>';
-	print '<td align="right" class="liste_titre">';
+	print '<td class="liste_titre right">';
 	$searchpicto=$form->showFilterAndCheckAddButtons(0);
 	print $searchpicto;
 	print '</td>';
@@ -274,7 +274,7 @@ if ($action != 'export_csv')
 		{
 			// Affiche un Sous-Total par compte comptable
 			if ($displayed_account != "") {
-				print '<tr class="liste_total"><td align="right" colspan="2">' . $langs->trans("SubTotal") . ':</td><td class="nowrap" align="right">' . price($sous_total_debit) . '</td><td class="nowrap" align="right">' . price($sous_total_credit) . '</td><td class="nowrap" align="right">' . price(price2num($sous_total_credit - $sous_total_debit)) . '</td>';
+				print '<tr class="liste_total"><td class="right" colspan="2">' . $langs->trans("SubTotal") . ':</td><td class="nowrap right">' . price($sous_total_debit) . '</td><td class="nowrap right">' . price($sous_total_credit) . '</td><td class="nowrap right">' . price(price2num($sous_total_credit - $sous_total_debit)) . '</td>';
 				print "<td>&nbsp;</td>\n";
 				print '</tr>';
 			}
@@ -293,10 +293,10 @@ if ($action != 'export_csv')
 
 		print '<td>' . length_accountg($line->numero_compte) . '</td>';
 		print '<td>' . $description . '</td>';
-		print '<td align="right">' . price($line->debit) . '</td>';
-		print '<td align="right">' . price($line->credit) . '</td>';
-		print '<td align="right">' . price($line->credit - $line->debit) . '</td>';
-		print '<td align="center">' . $link;
+		print '<td class="nowrap right">' . price($line->debit) . '</td>';
+		print '<td class="nowrap right">' . price($line->credit) . '</td>';
+		print '<td class="nowrap right">' . price($line->debit - $line->credit) . '</td>';
+		print '<td class="center">' . $link;
 		print '</td>';
 		print "</tr>\n";
 
@@ -305,11 +305,11 @@ if ($action != 'export_csv')
 		$sous_total_credit += $line->credit;
 	}
 
-	print '<tr class="liste_total"><td align="right" colspan="2">' . $langs->trans("SubTotal") . ':</td><td class="nowrap" align="right">' . price($sous_total_debit) . '</td><td class="nowrap" align="right">' . price($sous_total_credit) . '</td><td class="nowrap" align="right">' . price(price2num($sous_total_credit - $sous_total_debit)) . '</td>';
+	print '<tr class="liste_total"><td class="right" colspan="2">' . $langs->trans("SubTotal") . ':</td><td class="nowrap right">' . price($sous_total_debit) . '</td><td class="nowrap right">' . price($sous_total_credit) . '</td><td class="nowrap right">' . price(price2num($sous_total_debit - $sous_total_credit)) . '</td>';
 	print "<td>&nbsp;</td>\n";
 	print '</tr>';
 
-	print '<tr class="liste_total"><td align="right" colspan="2">' . $langs->trans("AccountBalance") . ':</td><td class="nowrap" align="right">' . price($total_debit) . '</td><td class="nowrap" align="right">' . price($total_credit) . '</td><td class="nowrap" align="right">' . price(price2num($total_credit - $total_debit)) . '</td>';
+	print '<tr class="liste_total"><td class="right" colspan="2">' . $langs->trans("AccountBalance") . ':</td><td class="nowrap right">' . price($total_debit) . '</td><td class="nowrap right">' . price($total_credit) . '</td><td class="nowrap right">' . price(price2num($total_debit - $total_credit)) . '</td>';
 	print "<td>&nbsp;</td>\n";
 	print '</tr>';
 

htdocs/accountancy/bookkeeping/card.php

@@ -641,8 +641,8 @@ if ($action == 'create')
 						print '<td>' . $accountingaccount->getNomUrl(0,1,1,'',0) . '</td>';
 						print '<td>' . length_accounta($line->subledger_account) . '</td>';
 						print '<td>' . $line->label_operation. '</td>';
-						print '<td align="right">' . price($line->debit) . '</td>';
-						print '<td align="right">' . price($line->credit) . '</td>';
+						print '<td class="nowrap right">' . price($line->debit) . '</td>';
+						print '<td class="nowrap right">' . price($line->credit) . '</td>';
 
 						print '<td align="center">';
 						print '<a href="' . $_SERVER["PHP_SELF"] . '?action=update&id=' . $line->id . '&piece_num=' . $line->piece_num . '&mode='.$mode.'">';
@@ -675,7 +675,7 @@ if ($action == 'create')
 					print $formaccounting->select_account($accountingaccount_number, 'accountingaccount_number', 1, array (), 1, 1, '');
 					print '</td>';
 					print '<td>';
-					// TODO For the moment we keep a fre input text instead of a combo. The select_auxaccount has problem because it does not
+					// TODO For the moment we keep a free input text instead of a combo. The select_auxaccount has problem because it does not
 					// use setup of keypress to select thirdparty and this hang browser on large database.
 					if (! empty($conf->global->ACCOUNTANCY_COMBO_FOR_AUX))
 					{

htdocs/accountancy/bookkeeping/list.php

@@ -683,7 +683,7 @@ if ($num > 0)
 		// Amount debit
 		if (! empty($arrayfields['t.debit']['checked']))
 		{
-			print '<td align="right">' . ($line->debit ? price($line->debit) : ''). '</td>';
+			print '<td class="nowrap right">' . ($line->debit ? price($line->debit) : ''). '</td>';
 			if (! $i) $totalarray['nbfield']++;
 			if (! $i) $totalarray['totaldebitfield']=$totalarray['nbfield'];
 			$totalarray['totaldebit'] += $line->debit;
@@ -692,7 +692,7 @@ if ($num > 0)
 		// Amount credit
 		if (! empty($arrayfields['t.credit']['checked']))
 		{
-			print '<td align="right">' . ($line->credit ? price($line->credit) : '') . '</td>';
+			print '<td class="nowrap right">' . ($line->credit ? price($line->credit) : '') . '</td>';
 			if (! $i) $totalarray['nbfield']++;
 			if (! $i) $totalarray['totalcreditfield']=$totalarray['nbfield'];
 			$totalarray['totalcredit'] += $line->credit;
@@ -754,8 +754,8 @@ if ($num > 0)
 					if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
 					else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
 				}
-				elseif ($totalarray['totaldebitfield'] == $i)  print '<td align="right">'.price($totalarray['totaldebit']).'</td>';
-				elseif ($totalarray['totalcreditfield'] == $i) print '<td align="right">'.price($totalarray['totalcredit']).'</td>';
+				elseif ($totalarray['totaldebitfield'] == $i)  print '<td class="nowrap right">'.price($totalarray['totaldebit']).'</td>';
+				elseif ($totalarray['totalcreditfield'] == $i) print '<td class="nowrap right">'.price($totalarray['totalcredit']).'</td>';
 				else print '<td></td>';
 		}
 		print '</tr>';

htdocs/accountancy/class/accountancyexport.class.php

@@ -38,6 +38,7 @@
  */
 
 require_once DOL_DOCUMENT_ROOT . '/core/lib/functions.lib.php';
+require_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php';
 
 class AccountancyExport
 {
@@ -658,9 +659,9 @@ class AccountancyExport
 		print $end_line;
 
 		foreach ( $objectLines as $line ) {
-			$date_creation = dol_print_date($line->date_creation, '%d%m%Y');
-			$date_doc = dol_print_date($line->doc_date, '%d%m%Y');
-			$date_valid = dol_print_date($line->date_validated, '%d%m%Y');
+			$date_creation = dol_print_date($line->date_creation, '%Y%m%d');
+			$date_doc = dol_print_date($line->doc_date, '%Y%m%d');
+			$date_valid = dol_print_date($line->date_validated, '%Y%m%d');
 
 			// FEC:JournalCode
 			print $line->code_journal . $separator;
@@ -696,10 +697,10 @@ class AccountancyExport
 			print $line->label_operation . $separator;
 
 			// FEC:Debit
-			print price2num($line->debit) . $separator;
+			print price2fec($line->debit) . $separator;
 
 			// FEC:Credit
-			print price2num($line->credit) . $separator;
+			print price2fec($line->credit) . $separator;
 
 			// FEC:EcritureLet
 			print $line->lettering_code . $separator;

htdocs/accountancy/class/accountancysystem.class.php

@@ -83,13 +83,13 @@ class AccountancySystem
 
 	    if ($rowid > 0 || $ref)
 	    {
-	        $sql  = "SELECT a.pcg_version, a.label, a.active";
+	        $sql  = "SELECT a.rowid, a.pcg_version, a.label, a.active";
 	        $sql .= " FROM " . MAIN_DB_PREFIX . "accounting_system as a";
 	        $sql .= " WHERE";
 	        if ($rowid) {
 	            $sql .= " a.rowid = '" . $rowid . "'";
 	        } elseif ($ref) {
-	            $sql .= " a.pcg_version = '" . $ref . "'";
+	            $sql .= " a.pcg_version = '" . $this->db->escape($ref) . "'";
 	        }
 
 	        dol_syslog(get_class($this) . "::fetch sql=" . $sql, LOG_DEBUG);

htdocs/accountancy/class/accountingaccount.class.php

@@ -149,12 +149,13 @@ class AccountingAccount extends CommonObject
 	/**
 	 * Load record in memory
 	 *
-	 * @param 	int 	$rowid 				   Id
-	 * @param 	string 	$account_number 	   Account number
-	 * @param 	int 	$limittocurrentchart   1=Do not load record if it is into another accounting system
-	 * @return 	int                            <0 if KO, 0 if not found, Id of record if OK and found
+	 * @param 	int 	       $rowid 				    Id
+	 * @param 	string 	       $account_number 	        Account number
+	 * @param 	int|boolean    $limittocurrentchart     1 or true=Load record only if it is into current active char of account
+	 * @param   string         $limittoachartaccount    'ABC'=Load record only if it is into chart account with code 'ABC'.
+	 * @return 	int                                     <0 if KO, 0 if not found, Id of record if OK and found
 	 */
-	function fetch($rowid = null, $account_number = null, $limittocurrentchart = 0)
+	function fetch($rowid = null, $account_number = null, $limittocurrentchart = 0, $limittoachartaccount = '')
 	{
 		global $conf;
 
@@ -172,6 +173,9 @@ class AccountingAccount extends CommonObject
 			if (! empty($limittocurrentchart)) {
 				$sql .= ' AND a.fk_pcg_version IN (SELECT pcg_version FROM ' . MAIN_DB_PREFIX . 'accounting_system WHERE rowid=' . $this->db->escape($conf->global->CHARTOFACCOUNTS) . ')';
 			}
+			if (! empty($limittoachartaccount)) {
+			    $sql .= " AND a.fk_pcg_version = '".$this->db->escape($limittoachartaccount)."'";
+			}
 
 			dol_syslog(get_class($this) . "::fetch sql=" . $sql, LOG_DEBUG);
 			$result = $this->db->query($sql);

htdocs/accountancy/class/bookkeeping.class.php

@@ -324,8 +324,8 @@ class BookKeeping extends CommonObject
 				$sql .= ", piece_num";
 				$sql .= ', entity';
 				$sql .= ") VALUES (";
-				$sql .= "'" . $this->db->idate($this->doc_date) . "'";
-				$sql .= ", ".(! isset($this->date_lim_reglement) || dol_strlen($this->date_lim_reglement) == 0 ? 'NULL' : "'" . $this->db->idate($this->date_lim_reglement) . "'");
+				$sql .= "'".$this->db->idate($this->doc_date)."'";
+				$sql .= ", ".(! isset($this->date_lim_reglement) || dol_strlen($this->date_lim_reglement) == 0 ? 'NULL' : "'".$this->db->idate($this->date_lim_reglement)."'");
 				$sql .= ",'" . $this->db->escape($this->doc_type) . "'";
 				$sql .= ",'" . $this->db->escape($this->doc_ref) . "'";
 				$sql .= "," . $this->fk_doc;
@@ -341,7 +341,7 @@ class BookKeeping extends CommonObject
 				$sql .= "," . $this->montant;
 				$sql .= ",'" . $this->db->escape($this->sens) . "'";
 				$sql .= ",'" . $this->db->escape($this->fk_user_author) . "'";
-				$sql .= ",'" . $this->db->idate($now). "'";
+				$sql .= ",'".$this->db->idate($now)."'";
 				$sql .= ",'" . $this->db->escape($this->code_journal) . "'";
 				$sql .= ",'" . $this->db->escape($this->journal_label) . "'";
 				$sql .= "," . $this->db->escape($this->piece_num);
@@ -472,14 +472,15 @@ class BookKeeping extends CommonObject
 	 */
     public function createStd(User $user, $notrigger = false, $mode='')
     {
-		global $conf;
+		global $conf, $langs;
+
+        $langs->loadLangs(array("accountancy", "bills", "compta"));
 
 		dol_syslog(__METHOD__, LOG_DEBUG);
 
 		$error = 0;
 
 		// Clean parameters
-
 		if (isset($this->doc_type)) {
 			$this->doc_type = trim($this->doc_type);
 		}
@@ -546,10 +547,10 @@ class BookKeeping extends CommonObject
 		$now = dol_now();
 
 		// Check parameters
-		// Put here code to add control on parameters values
+        $this->journal_label = $langs->trans($this->journal_label);
 
 		// Insert request
-		$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element . $mode.'(';
+		$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element . $mode.' (';
 		$sql .= 'doc_date,';
 		$sql .= 'date_lim_reglement,';
 		$sql .= 'doc_type,';
@@ -573,7 +574,7 @@ class BookKeeping extends CommonObject
 		$sql .= 'piece_num,';
 		$sql .= 'entity';
 		$sql .= ') VALUES (';
-		$sql .= ' ' . (! isset($this->doc_date) || dol_strlen($this->doc_date) == 0 ? 'NULL' : "'" . $this->db->idate($this->doc_date) . "'") . ',';
+		$sql .= ' ' . (! isset($this->doc_date) || dol_strlen($this->doc_date) == 0 ? 'NULL' : "'".$this->db->idate($this->doc_date)."'") . ',';
 		$sql .= ' ' . (! isset($this->date_lim_reglement) || dol_strlen($this->date_lim_reglement) == 0 ? 'NULL' : "'" . $this->db->idate($this->date_lim_reglement) . "'") . ',';
 		$sql .= ' ' . (! isset($this->doc_type) ? 'NULL' : "'" . $this->db->escape($this->doc_type) . "'") . ',';
 		$sql .= ' ' . (! isset($this->doc_ref) ? 'NULL' : "'" . $this->db->escape($this->doc_ref) . "'") . ',';
@@ -590,7 +591,7 @@ class BookKeeping extends CommonObject
 		$sql .= ' ' . (! isset($this->montant) ? 'NULL' : $this->montant ). ',';
 		$sql .= ' ' . (! isset($this->sens) ? 'NULL' : "'" . $this->db->escape($this->sens) . "'") . ',';
 		$sql .= ' ' . $user->id . ',';
-		$sql .= ' ' . "'" . $this->db->idate($now) . "',";
+		$sql .= ' ' . "'".$this->db->idate($now)."',";
 		$sql .= ' ' . (empty($this->code_journal) ? 'NULL' : "'" . $this->db->escape($this->code_journal) . "'") . ',';
 		$sql .= ' ' . (empty($this->journal_label) ? 'NULL' : "'" . $this->db->escape($this->journal_label) . "'") . ',';
 		$sql .= ' ' . (empty($this->piece_num) ? 'NULL' : $this->db->escape($this->piece_num)).',';
@@ -1163,7 +1164,7 @@ class BookKeeping extends CommonObject
 
 		// Update request
 		$sql = 'UPDATE ' . MAIN_DB_PREFIX . $this->table_element . $mode.' SET';
-		$sql .= ' doc_date = ' . (! isset($this->doc_date) || dol_strlen($this->doc_date) != 0 ? "'" . $this->db->idate($this->doc_date) . "'" : 'null') . ',';
+		$sql .= ' doc_date = ' . (! isset($this->doc_date) || dol_strlen($this->doc_date) != 0 ? "'".$this->db->idate($this->doc_date)."'" : 'null') . ',';
 		$sql .= ' doc_type = ' . (isset($this->doc_type) ? "'" . $this->db->escape($this->doc_type) . "'" : "null") . ',';
 		$sql .= ' doc_ref = ' . (isset($this->doc_ref) ? "'" . $this->db->escape($this->doc_ref) . "'" : "null") . ',';
 		$sql .= ' fk_doc = ' . (isset($this->fk_doc) ? $this->fk_doc : "null") . ',';
@@ -1687,34 +1688,36 @@ class BookKeeping extends CommonObject
 	 * @param  string   $piece_num      Piece num
 	 * @return int                      int <0 if KO, >0 if OK
 	 */
-	public function transformTransaction($direction=0,$piece_num='')
+	public function transformTransaction($direction = 0, $piece_num = '')
 	{
 		$error = 0;
 
 		$this->db->begin();
 
-		if ($direction==0)
+        if ($direction==0)
 		{
 			$next_piecenum=$this->getNextNumMvt();
+            $now = dol_now();
+
 			if ($next_piecenum < 0) {
 				$error++;
 			}
-			$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element.'(doc_date, doc_type,';
+			$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element . ' (doc_date, doc_type,';
 			$sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,';
 			$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
-			$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, piece_num)';
-			$sql .= 'SELECT doc_date, doc_type,';
+			$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, piece_num, date_creation)';
+			$sql .= ' SELECT doc_date, doc_type,';
 			$sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,';
 			$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
-			$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.$next_piecenum.'';
-			$sql .= ' FROM '.MAIN_DB_PREFIX . $this->table_element.'_tmp WHERE piece_num = '.$piece_num;
+			$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, ' . $next_piecenum . ", '".$this->db->idate($now)."'";
+			$sql .= ' FROM ' . MAIN_DB_PREFIX . $this->table_element . '_tmp WHERE piece_num = ' . $this->db->escape($piece_num);
 			$resql = $this->db->query($sql);
 			if (! $resql) {
 				$error ++;
 				$this->errors[] = 'Error ' . $this->db->lasterror();
 				dol_syslog(__METHOD__ . ' ' . join(',', $this->errors), LOG_ERR);
 			}
-			$sql = 'DELETE FROM '.MAIN_DB_PREFIX . $this->table_element.'_tmp WHERE piece_num = '.$piece_num;
+			$sql = 'DELETE FROM ' . MAIN_DB_PREFIX . $this->table_element . '_tmp WHERE piece_num = ' . $this->db->escape($piece_num);
 			$resql = $this->db->query($sql);
 			if (! $resql) {
 				$error ++;
@@ -1722,29 +1725,29 @@ class BookKeeping extends CommonObject
 				dol_syslog(__METHOD__ . ' ' . join(',', $this->errors), LOG_ERR);
 			}
 		} elseif ($direction==1) {
-			$sql = 'DELETE FROM ' . MAIN_DB_PREFIX . $this->table_element.'_tmp WHERE piece_num = '.$piece_num;
+			$sql = 'DELETE FROM ' . MAIN_DB_PREFIX . $this->table_element . '_tmp WHERE piece_num = ' . $piece_num;
 			$resql = $this->db->query($sql);
 			if (! $resql) {
 				$error ++;
 				$this->errors[] = 'Error ' . $this->db->lasterror();
 				dol_syslog(__METHOD__ . ' ' . join(',', $this->errors), LOG_ERR);
 			}
-			$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element.'_tmp(doc_date, doc_type,';
+			$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element . '_tmp (doc_date, doc_type,';
 			$sql .= ' doc_ref, fk_doc, fk_docdet, thirdparty_code, subledger_account, subledger_label,';
 			$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
 			$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, piece_num)';
-			$sql .= 'SELECT doc_date, doc_type,';
+			$sql .= ' SELECT doc_date, doc_type,';
 			$sql .= ' doc_ref, fk_doc, fk_docdet, thirdparty_code, subledger_account, subledger_label,';
 			$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
 			$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, piece_num';
-			$sql .= ' FROM '.MAIN_DB_PREFIX . $this->table_element.' WHERE piece_num = '.$piece_num;
+			$sql .= ' FROM ' . MAIN_DB_PREFIX . $this->table_element.' WHERE piece_num = ' . $piece_num;
 			$resql = $this->db->query($sql);
 			if (! $resql) {
 				$error ++;
 				$this->errors[] = 'Error ' . $this->db->lasterror();
 				dol_syslog(__METHOD__ . ' ' . join(',', $this->errors), LOG_ERR);
 			}
-			$sql = 'DELETE FROM '.MAIN_DB_PREFIX . $this->table_element.'_tmp WHERE piece_num = '.$piece_num;
+			$sql = 'DELETE FROM ' . MAIN_DB_PREFIX . $this->table_element . '_tmp WHERE piece_num = ' . $piece_num;
 			$resql = $this->db->query($sql);
 			if (! $resql) {
 				$error ++;

htdocs/accountancy/index.php

@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2016       Laurent Destailleur      <eldy@users.sourceforge.net>
  * Copyright (C) 2016-2018  Alexandre Spangaro       <aspangaro@zendsi.com>
+ * Copyright (C) 2019       Frédéric France             <frederic.france@netlogic.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -47,6 +48,7 @@ if ($user->societe_id > 0)
 llxHeader('', $langs->trans("AccountancyArea"));
 
 print load_fiche_titre($langs->trans("AccountancyArea"), '', 'title_accountancy');
+dol_fiche_head();
 
 $step = 0;
 
@@ -165,6 +167,7 @@ else
 {
 	print $langs->trans("Module10Desc")."<br>\n";
 }
+dol_fiche_end();
 
 // End of page
 llxFooter();

htdocs/accountancy/journal/bankjournal.php

@@ -719,7 +719,7 @@ if (! $error && $action == 'writebookkeeping') {
 			}
 		}
 
-		if (price2num($totaldebit) != price2num($totalcredit))
+		if (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT'))
 		{
 			$error++;
 			$errorforline++;

htdocs/accountancy/journal/expensereportsjournal.php

@@ -359,7 +359,7 @@ if ($action == 'writebookkeeping') {
 		}
 
 		// Protection against a bug on line before
-		if (price2num($totaldebit) != price2num($totalcredit))
+		if (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT'))
 		{
 			$error++;
 			$errorforline++;

htdocs/accountancy/journal/purchasesjournal.php

@@ -519,7 +519,7 @@ if ($action == 'writebookkeeping') {
 		}
 
 		// Protection against a bug on lines before
-		if (! $errorforline && (price2num($totaldebit) != price2num($totalcredit)))
+		if (! $errorforline && (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT')))
 		{
 			$error++;
 			$errorforline++;

htdocs/accountancy/journal/sellsjournal.php

@@ -478,7 +478,7 @@ if ($action == 'writebookkeeping') {
 		}
 
 		// Protection against a bug on lines before
-		if (! $errorforline && (price2num($totaldebit) != price2num($totalcredit)))
+		if (! $errorforline && (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT')))
 		{
 			$error++;
 			$errorforline++;

htdocs/accountancy/tpl/export_journal.tpl.php

@@ -55,7 +55,7 @@ if ($conf->global->ACCOUNTING_EXPORT_MODELCSV == "11" && $type_export == "genera
 
 	$endaccountingperiod = dol_print_date(dol_get_last_day($tmparray['year'], $tmparray['mon']), 'dayxcard');
 
-	$completefilename = $siren . "FEC" . $endaccountingperiod . "." . $format;
+	$completefilename = $siren . "FEC" . $endaccountingperiod . ".txt";
 }
 else
 {

htdocs/adherents/admin/adherent.php

@@ -212,7 +212,7 @@ if ($conf->facture->enabled)
 	{
 		print '<tr class="oddeven"><td>'.$langs->trans("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS").'</td>';
 		print '<td>';
-		$form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS');
+		$form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0);
 		print '</td>';
 	}
 	print "</tr>\n";

htdocs/adherents/card.php

@@ -646,7 +646,7 @@ if (empty($reshook))
 
 				if (empty($labeltouse) || (int) $labeltouse === -1) {
 					//fallback on the old configuration.
-					setEventMessages('WarningMandatorySetupNotComplete', [], 'errors');
+					setEventMessages('WarningMandatorySetupNotComplete', null, 'errors');
 					$error++;
 				}
 				else {
@@ -1161,7 +1161,7 @@ else
 		}
 		// Morphy
 		$morphys["phy"] = $langs->trans("Physical");
-		$morphys["mor"] = $langs->trans("Morale");
+		$morphys["mor"] = $langs->trans("Moral");
 		print '<tr><td><span class="fieldrequired">'.$langs->trans("Nature").'</span></td><td>';
 		print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy")?GETPOST("morphy",'alpha'):$object->morphy));
 		print "</td></tr>";

htdocs/adherents/note.php

@@ -75,7 +75,7 @@ if ($id)
 
 	$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
 
-	dol_banner_tab($object, 'rowid', $linkback);
+	dol_banner_tab($object, 'id', $linkback);
 
     print '<div class="fichecenter">';
 

htdocs/admin/delais.php

@@ -120,6 +120,12 @@ $modules=array(
     		        'img' => 'trip'
     		    )*/
 		),
+        'holiday' => array(
+            array(
+                'code' => 'MAIN_DELAY_HOLIDAYS',
+                'img' => 'holiday'
+            ),
+        ),
 );
 
 $labelmeteo = array(0=>$langs->trans("No"), 1=>$langs->trans("Yes"), 2=>$langs->trans("OnMobileOnly"));

htdocs/admin/dict.php

@@ -1889,6 +1889,9 @@ function fieldList($fieldlist, $obj='', $tabname='', $context='')
 		    {
 		        print '<textarea cols="30" rows="'.ROWS_2.'" class="flat" name="'.$fieldlist[$field].'">'.(! empty($obj->{$fieldlist[$field]})?$obj->{$fieldlist[$field]}:'').'</textarea>';
 		    }
+            else{
+                print '<input type="hidden" name="'.$fieldlist[$field].'" value="'.$transkey.'">';
+            }
 		    print '</td>';
 		}
 		elseif ($fieldlist[$field] == 'price' || preg_match('/^amount/i',$fieldlist[$field])) {
@@ -1951,7 +1954,13 @@ function fieldList($fieldlist, $obj='', $tabname='', $context='')
 		}
 		else
 		{
-			if ($fieldlist[$field]=='sortorder') $fieldlist[$field]='position';
+
+            $fieldValue = isset($obj->{$fieldlist[$field]})?$obj->{$fieldlist[$field]}:'';
+
+			if ($fieldlist[$field]=='sortorder')
+            {
+                $fieldlist[$field]='position';
+            }
 
 			$classtd=''; $class='';
 			if ($fieldlist[$field]=='code') $classtd='width100';
@@ -1972,7 +1981,7 @@ function fieldList($fieldlist, $obj='', $tabname='', $context='')
 			    }
 			    if ($tabname == MAIN_DB_PREFIX.'c_payment_term') {
 			        $langs->load("bills");
-			        $transkey="PaymentCondition".strtoupper($obj->code);
+			        $transkey="PaymentConditionShort".strtoupper($obj->code);
 			    }
 			    if ($transkey && $langs->trans($transkey) != $transkey)
 			    {
@@ -1982,8 +1991,11 @@ function fieldList($fieldlist, $obj='', $tabname='', $context='')
 			}
 			if (! $transfound)
 			{
-                print '<input type="text" class="flat'.($class?' '.$class:'').'" value="'.(isset($obj->{$fieldlist[$field]})?$obj->{$fieldlist[$field]}:'').'" name="'.$fieldlist[$field].'">';
+                print '<input type="text" class="flat'.($class?' '.$class:'').'" value="'.dol_escape_htmltag($fieldValue).'" name="'.$fieldlist[$field].'">';
 			}
+            else{
+                print '<input type="hidden" name="'.$fieldlist[$field].'" value="'.$transkey.'">';
+            }
 			print '</td>';
 		}
 	}

htdocs/admin/dolistore/ajax/image.php

@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2017		 Oscss-Shop              <support@oscss-shop.fr>.
  * Copyright (C) 2008-2011   Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2020       Frédéric France         <frederic.france@netlogic.fr>
  *
  * This program is free software; you can redistribute it and/or modifyion 2.0 (the "License");
  * it under the terms of the GNU General Public License as published bypliance with the License.
@@ -17,6 +18,9 @@
  */
 
 if (!defined('REQUIRE_JQUERY_BLOCKUI')) define('REQUIRE_JQUERY_BLOCKUI', 1);
+if (!defined('NOTOKENRENEWAL')) {
+    define('NOTOKENRENEWAL', 1);
+}
 
 
 /**

htdocs/admin/external_rss.php

@@ -66,8 +66,8 @@ else
 
 if ($action == 'add' || GETPOST("modify"))
 {
-    $external_rss_title = "external_rss_title_" . GETPOST("norss");
-    $external_rss_urlrss = "external_rss_urlrss_" . GETPOST("norss");
+    $external_rss_title = "external_rss_title_" . GETPOST("norss", 'int');
+    $external_rss_urlrss = "external_rss_urlrss_" . GETPOST("norss", 'int');
 
     if (! empty($_POST[$external_rss_urlrss]))
     {
@@ -95,7 +95,7 @@ if ($action == 'add' || GETPOST("modify"))
 		{
 			// Ajoute boite box_external_rss dans definition des boites
 	        $sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes_def (file, note)";
-			$sql.= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss").' ('.GETPOST($external_rss_title)).")')";
+			$sql.= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss", 'int').' ('.GETPOST($external_rss_title, 'alpha')).")')";
 	        if (! $db->query($sql))
 	        {
 	        	dol_print_error($db);
@@ -103,8 +103,8 @@ if ($action == 'add' || GETPOST("modify"))
 	        }
 		}
 
-		$result1=dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_" . GETPOST("norss"),GETPOST($external_rss_title),'chaine',0,'',$conf->entity);
-		if ($result1) $result2=dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_" . GETPOST("norss"),GETPOST($external_rss_urlrss),'chaine',0,'',$conf->entity);
+		$result1=dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_" . GETPOST("norss", 'int'), GETPOST($external_rss_title, 'alpha'), 'chaine', 0, '', $conf->entity);
+		if ($result1) $result2=dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_" . GETPOST("norss", 'int'), GETPOST($external_rss_urlrss, 'alpha'), 'chaine', 0, '', $conf->entity);
 
         if ($result1 && $result2)
         {
@@ -122,13 +122,13 @@ if ($action == 'add' || GETPOST("modify"))
 
 if ($_POST["delete"])
 {
-    if(GETPOST("norss"))
+    if (GETPOST("norss", 'int'))
     {
         $db->begin();
 
 		// Supprime boite box_external_rss de definition des boites
         $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."boxes_def";
-        $sql.= " WHERE file = 'box_external_rss.php' AND note LIKE '".$db->escape(GETPOST("norss"))." %'";
+        $sql.= " WHERE file = 'box_external_rss.php' AND note LIKE '".$db->escape(GETPOST("norss", 'int'))." %'";
 
 		$resql=$db->query($sql);
 		if ($resql)
@@ -168,8 +168,8 @@ if ($_POST["delete"])
         }
 
 
-		$result1=dolibarr_del_const($db,"EXTERNAL_RSS_TITLE_" . GETPOST("norss"),$conf->entity);
-		if ($result1) $result2=dolibarr_del_const($db,"EXTERNAL_RSS_URLRSS_" . GETPOST("norss"),$conf->entity);
+		$result1=dolibarr_del_const($db,"EXTERNAL_RSS_TITLE_" . GETPOST("norss", 'int'), $conf->entity);
+		if ($result1) $result2=dolibarr_del_const($db,"EXTERNAL_RSS_URLRSS_" . GETPOST("norss", 'int'), $conf->entity);
 
         if ($result1 && $result2)
         {
@@ -270,13 +270,13 @@ if ($resql)
 
 		print '<tr class="oddeven">';
 		print "<td width=\"100px\">".$langs->trans("Title")."</td>";
-		print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_" . $idrss . "\" value=\"" . $conf->global->$keyrsstitle . "\"></td>";
+		print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_" . $idrss . "\" value=\"" . dol_escape_htmltag($conf->global->$keyrsstitle) . "\"></td>";
 		print "</tr>";
 
 
 		print '<tr class="oddeven">';
 		print "<td>".$langs->trans("URL")."</td>";
-		print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_" . $idrss . "\" value=\"" . $conf->global->$keyrssurl . "\"></td>";
+		print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_" . $idrss . "\" value=\"" . dol_escape_htmltag($conf->global->$keyrssurl) . "\"></td>";
 		print "</tr>";
 
 

htdocs/admin/holiday.php

@@ -1,8 +1,8 @@
 <?php
-/* Copyright (C) 2011-2013      Juanjo Menent	    <jmenent@2byte.es>
+/* Copyright (C) 2011-2019      Juanjo Menent	    <jmenent@2byte.es>
  * Copyright (C) 2011-2018      Philippe Grand	    <philippe.grand@atoo-net.com>
  * Copyright (C) 2018		    Charlene Benke		<charlie@patas-monkey.com>
- * Copyright (C) 2018       Frédéric France         <frederic.france@netlogic.fr>
+ * Copyright (C) 2018			Frédéric France         <frederic.france@netlogic.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -55,7 +55,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
 
 if ($action == 'updateMask')
 {
-    $maskconst = GETPOST('maskconstholidaty','alpha');
+    $maskconst = GETPOST('maskconstholiday','alpha');
     $maskvalue =  GETPOST('maskholiday','alpha');
     if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);
 

htdocs/admin/mails_templates.php

@@ -50,7 +50,7 @@ $confirm    = GETPOST('confirm','alpha');												// Result of a confirmation
 
 $id			= GETPOST('id','int');
 $rowid		= GETPOST('rowid','alpha');
-$search_label=GETPOST('search_label','alpha');
+$search_label=GETPOST('search_label', 'alphanohtml');                                    // Must allow value like 'Abc Def' or '(MyTemplateName)'
 $search_type_template=GETPOST('search_type_template','alpha');
 $search_lang=GETPOST('search_lang','alpha');
 $search_fk_user=GETPOST('search_fk_user','intcomma');
@@ -262,6 +262,7 @@ if (empty($reshook))
             {
             	//var_dump($i.' - '.$listfieldvalue[$i].' - '.$_POST[$listfieldvalue[$i]].' - '.$value);
             	$keycode=$listfieldvalue[$i];
+            	if ($value == 'label') $_POST[$keycode] = dol_escape_htmltag($_POST[$keycode]);
             	if ($value == 'lang') $keycode='langcode';
                 if ($value == 'entity') $_POST[$keycode] = $conf->entity;
                 if ($i) $sql.=",";
@@ -666,8 +667,6 @@ if ($resql)
     print '<tr class="liste_titre">';
     foreach ($fieldlist as $field => $value)
     {
-        // Determine le nom du champ par rapport aux noms possibles
-        // dans les dictionnaires de donnees
         $showfield=1;							  	// By defaut
         $align="left";
         $sortable=1;
@@ -694,7 +693,7 @@ if ($resql)
 		if ($fieldlist[$field]=='content')         { $valuetoshow=$langs->trans("Content"); $showfield=0;}
 		if ($fieldlist[$field]=='content_lines')   { $valuetoshow=$langs->trans("ContentLines"); $showfield=0; }
 
-        // Affiche nom du champ
+        // Show fields
         if ($showfield)
         {
             if (! empty($tabhelp[$id][$value]))
@@ -812,6 +811,10 @@ if ($resql)
                         $showfield=1;
                     	$align="left";
                         $valuetoshow=$obj->{$fieldlist[$field]};
+                        if ($value == 'label' || $value == 'topic')
+                        {
+                            $valuetoshow = dol_escape_htmltag($valuetoshow);
+                        }
                         if ($value == 'type_template')
                         {
                             $valuetoshow = isset($elementList[$valuetoshow])?$elementList[$valuetoshow]:$valuetoshow;

htdocs/admin/modules.php

@@ -130,13 +130,13 @@ if ($action=='install')
     }
     else
     {
-        if (! preg_match('/\.zip$/i',$original_file))
+        if (! $error && ! preg_match('/\.zip$/i', $original_file))
         {
             $langs->load("errors");
             setEventMessages($langs->trans("ErrorFileMustBeADolibarrPackage",$original_file), null, 'errors');
             $error++;
         }
-    	if (! preg_match('/module_.*\-[\d]+\.[\d]+.*$/i',$original_file))
+    	if (! $error && ! preg_match('/^(module[a-zA-Z0-9]*|theme)_.*\-([0-9][0-9\.]*)\.zip$/i', $original_file))
 		{
 			$langs->load("errors");
 			setEventMessages($langs->trans("ErrorFilenameDosNotMatchDolibarrPackageRules",$original_file, 'module_*-x.y*.zip'), null, 'errors');
@@ -180,13 +180,13 @@ if ($action=='install')
             {
                 // Now we move the dir of the module
                 $modulename=preg_replace('/module_/', '', $original_file);
-                $modulename=preg_replace('/\-[\d]+\.[\d]+.*$/', '', $modulename);
+                $modulename=preg_replace('/\-([0-9][0-9\.]*)\.zip$/i', '', $modulename);
                 // Search dir $modulename
-                $modulenamedir=$conf->admin->dir_temp.'/'.$tmpdir.'/'.$modulename;
+                $modulenamedir=$conf->admin->dir_temp.'/'.$tmpdir.'/'.$modulename;		// Example .../mymodule
                 //var_dump($modulenamedir);
                 if (! dol_is_dir($modulenamedir))
                 {
-                    $modulenamedir=$conf->admin->dir_temp.'/'.$tmpdir.'/htdocs/'.$modulename;
+                	$modulenamedir=$conf->admin->dir_temp.'/'.$tmpdir.'/htdocs/'.$modulename;	// Example .../htdocs/mymodule
                     //var_dump($modulenamedir);
                     if (! dol_is_dir($modulenamedir))
                     {
@@ -195,10 +195,16 @@ if ($action=='install')
                     }
                 }
 
+                if (! $error)
+                {
+                	// TODO Make more test
+                }
+
+                // Now we install the module
                 if (! $error)
                 {
                     //var_dump($dirins);
-                    @dol_delete_dir_recursive($dirins.'/'.$modulename);
+                    @dol_delete_dir_recursive($dirins.'/'.$modulename);	// delete the zip file
                     dol_syslog("Uncompress of module file is a success. We copy it from ".$modulenamedir." into target dir ".$dirins.'/'.$modulename);
                     $result=dolCopyDir($modulenamedir, $dirins.'/'.$modulename, '0444', 1);
                     if ($result <= 0)

htdocs/admin/multicurrency.php

@@ -49,15 +49,14 @@ $action = GETPOST('action', 'alpha');
 if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 	$code=$reg[1];
-	$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
+	$value=GETPOST($code, 'alpha');
 	if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 	{
-		header("Location: ".$_SERVER["PHP_SELF"]);
-		exit;
+        setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
 	}
 	else
 	{
-		dol_print_error($db);
+        setEventMessages($langs->trans("Error"), null, 'errors');
 	}
 }
 
@@ -66,12 +65,11 @@ if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 	$code=$reg[1];
 	if (dolibarr_del_const($db, $code, 0) > 0)
 	{
-		header("Location: ".$_SERVER["PHP_SELF"]);
-		exit;
+        setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
 	}
 	else
 	{
-		dol_print_error($db);
+        setEventMessages($langs->trans("Error"), null, 'errors');
 	}
 }
 

htdocs/admin/pdf.php

@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2011 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2012-2107 Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2019	   Ferran Marcet		<fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -61,6 +62,8 @@ if ($action == 'update')
 	dolibarr_set_const($db, "MAIN_PROFID2_IN_ADDRESS", $_POST["MAIN_PROFID2_IN_ADDRESS"],'chaine',0,'', $conf->entity);
 	dolibarr_set_const($db, "MAIN_PROFID3_IN_ADDRESS", $_POST["MAIN_PROFID3_IN_ADDRESS"],'chaine',0,'', $conf->entity);
 	dolibarr_set_const($db, "MAIN_PROFID4_IN_ADDRESS", $_POST["MAIN_PROFID4_IN_ADDRESS"],'chaine',0,'', $conf->entity);
+	dolibarr_set_const($db, "MAIN_PROFID5_IN_ADDRESS", $_POST["MAIN_PROFID5_IN_ADDRESS"],'chaine',0,'', $conf->entity);
+	dolibarr_set_const($db, "MAIN_PROFID6_IN_ADDRESS", $_POST["MAIN_PROFID6_IN_ADDRESS"],'chaine',0,'', $conf->entity);
 	dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT", $_POST["MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT"],'chaine',0,'', $conf->entity);
 
 	dolibarr_set_const($db, "MAIN_TVAINTRA_NOT_IN_ADDRESS", $_POST["MAIN_TVAINTRA_NOT_IN_ADDRESS"],'chaine',0,'', $conf->entity);
@@ -177,76 +180,25 @@ if ($action == 'edit')	// Edit
     print $form->selectyesno('MAIN_TVAINTRA_NOT_IN_ADDRESS',(! empty($conf->global->MAIN_TVAINTRA_NOT_IN_ADDRESS))?$conf->global->MAIN_TVAINTRA_NOT_IN_ADDRESS:0,1);
     print '</td></tr>';
 
-    // Show prof id 1 in address into pdf
-
-    if (! $noCountryCode)
+    // Show prof id in address into pdf
+    for($i=1; $i<=6; $i++)
     {
-    	$pid1=$langs->transcountry("ProfId1",$mysoc->country_code);
-    	if ($pid1 == '-') $pid1=false;
-    }
-    else
-    {
-    	$pid1 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid1)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid1.'</td><td>';
-    	print $form->selectyesno('MAIN_PROFID1_IN_ADDRESS',isset($conf->global->MAIN_PROFID1_IN_ADDRESS)?$conf->global->MAIN_PROFID1_IN_ADDRESS:0,1,$noCountryCode);
-    	print '</td></tr>';
-    }
-
-    // Show prof id 2 in address into pdf
-
-    if (! $noCountryCode)
-    {
-    	$pid2=$langs->transcountry("ProfId2",$mysoc->country_code);
-    	if ($pid2 == '-') $pid2=false;
-    }
-    else
-    {
-    	$pid2 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid2)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid2.'</td><td>';
-    	print $form->selectyesno('MAIN_PROFID2_IN_ADDRESS',isset($conf->global->MAIN_PROFID2_IN_ADDRESS)?$conf->global->MAIN_PROFID2_IN_ADDRESS:0,1,$noCountryCode);
-    	print '</td></tr>';
-    }
-
-    // Show prof id 3 in address into pdf
-
-    if (! $noCountryCode)
-    {
-    	$pid3=$langs->transcountry("ProfId3",$mysoc->country_code);
-    	if ($pid3 == '-') $pid3=false;
-    }
-    else
-    {
-    	$pid3 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid3)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid3.'</td><td>';
-    	print $form->selectyesno('MAIN_PROFID3_IN_ADDRESS',isset($conf->global->MAIN_PROFID3_IN_ADDRESS)?$conf->global->MAIN_PROFID3_IN_ADDRESS:0,1,$noCountryCode);
-    	print '</td></tr>';
-    }
-
-    // Show prof id 4 in address into pdf
-
-    if (! $noCountryCode)
-    {
-    	$pid4=$langs->transcountry("ProfId4",$mysoc->country_code);
-    	if ($pid4 == '-') $pid4=false;
-    }
-    else
-    {
-    	$pid4 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid4)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid4.'</td><td>';
-    	print $form->selectyesno('MAIN_PROFID4_IN_ADDRESS',isset($conf->global->MAIN_PROFID4_IN_ADDRESS)?$conf->global->MAIN_PROFID4_IN_ADDRESS:0,1,$noCountryCode);
-    	print '</td></tr>';
+        if (! $noCountryCode)
+        {
+            $pid=$langs->transcountry("ProfId".$i, $mysoc->country_code);
+            if ($pid == '-') $pid=false;
+        }
+        else
+        {
+            $pid = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
+        }
+        if ($pid)
+        {
+            print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid.'</td><td>';
+            $keyforconstant = 'MAIN_PROFID'.$i.'_IN_ADDRESS';
+            print $form->selectyesno($keyforconstant, isset($conf->global->$keyforconstant)?$conf->global->$keyforconstant:0, 1, $noCountryCode);
+            print '</td></tr>';
+        }
     }
 
 	print '</table>';
@@ -328,6 +280,12 @@ if ($action == 'edit')	// Edit
     print $form->selectyesno('MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS',(! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS))?$conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS:0,1);
     print '</td></tr>';
 
+	//Invert sender and recipient
+
+	print '<tr class="oddeven"><td>'.$langs->trans("SwapSenderAndRecipientOnPDF").'</td><td>';
+	print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT',(! empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT))?$conf->global->MAIN_INVERT_SENDER_RECIPIENT:0,1);
+	print '</td></tr>';
+
  	// Place customer adress to the ISO location
 
     print '<tr class="oddeven"><td>'.$langs->trans("PlaceCustomerAddressToIsoLocation").'</td><td>';
@@ -419,77 +377,26 @@ else	// Show
 	print yn($conf->global->MAIN_TVAINTRA_NOT_IN_ADDRESS,1);
 	print '</td></tr>';
 
-    // Show prof id 1 in address into pdf
-
-    if (! $noCountryCode)
-    {
-    	$pid1=$langs->transcountry("ProfId1",$mysoc->country_code);
-    	if ($pid1 == '-') $pid1=false;
-    }
-    else
-    {
-    	$pid1 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid1)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid1.'</td><td>';
-    	print yn($conf->global->MAIN_PROFID1_IN_ADDRESS,1);
-    	print '</td></tr>';
-    }
-
-    // Show prof id 2 in address into pdf
-
-    if (! $noCountryCode)
-    {
-    	$pid2=$langs->transcountry("ProfId2",$mysoc->country_code);
-    	if ($pid2 == '-') $pid2=false;
-    }
-    else
-    {
-    	$pid2 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid2)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid2.'</td><td>';
-    	print yn($conf->global->MAIN_PROFID2_IN_ADDRESS,1);
-    	print '</td></tr>';
-    }
-
-    // Show prof id 3 in address into pdf
-
-    if (! $noCountryCode)
-    {
-    	$pid3=$langs->transcountry("ProfId3",$mysoc->country_code);
-    	if ($pid3 == '-') $pid3=false;
-    }
-    else
-    {
-    	$pid3 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid3)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid3.'</td><td>';
-    	print yn($conf->global->MAIN_PROFID3_IN_ADDRESS,1);
-    	print '</td></tr>';
-    }
-
-    // Show prof id 4 in address into pdf
-
-    if (! $noCountryCode)
-    {
-    	$pid4=$langs->transcountry("ProfId4",$mysoc->country_code);
-    	if ($pid4 == '-') $pid4=false;
-    }
-    else
-    {
-    	$pid4 = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
-    }
-    if ($pid4)
-    {
-    	print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid4.'</td><td>';
-    	print yn($conf->global->MAIN_PROFID4_IN_ADDRESS,1);
-    	print '</td></tr>';
-    }
+	// Show prof id in address into pdf
+	for ($i=1; $i<=6; $i++)
+	{
+	    if (! $noCountryCode)
+	    {
+	        $pid=$langs->transcountry("ProfId".$i, $mysoc->country_code);
+	        if ($pid == '-') $pid=false;
+	    }
+	    else
+	    {
+	        $pid = img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
+	    }
+	    if ($pid)
+	    {
+	        print '<tr class="oddeven"><td>'.$langs->trans("ShowProfIdInAddress").' - '.$pid.'</td><td>';
+	        $keyforconstant = 'MAIN_PROFID'.$i.'_IN_ADDRESS';
+	        print yn($conf->global->$keyforconstant, 1);
+	        print '</td></tr>';
+	    }
+	}
 
     print '</table>'."\n";
 	print '</div>';

htdocs/admin/system/database-tables.php

@@ -36,7 +36,13 @@ $action=GETPOST('action','alpha');
 
 if ($action == 'convert')
 {
-	$db->query("alter table ".$_GET["table"]." ENGINE=INNODB");
+    $sql="ALTER TABLE ".$db->escape(GETPOST("table", "aZ09"))." ENGINE=INNODB";
+	$db->query($sql);
+}
+if ($action == 'convertutf8')
+{
+    $sql="ALTER TABLE ".$db->escape(GETPOST("table", "aZ09"))." CHARACTER SET utf8 COLLATE utf8_unicode_ci";
+    $db->query($sql);
 }
 
 
@@ -111,9 +117,9 @@ else
 
 				print '<td><a href="dbtable.php?table='.$obj->Name.'">'.$obj->Name.'</a></td>';
 				print '<td>'.$obj->Engine.'</td>';
-				if (isset($row[1]) && $row[1] == "MyISAM")
+				if (isset($obj->Engine) && $obj->Engine == "MyISAM")
 				{
-					print '<td><a href="database-tables.php?action=convert&amp;table='.$row[0].'">'.$langs->trans("Convert").'</a></td>';
+				    print '<td><a class="reposition" href="database-tables.php?action=convert&amp;table='.$obj->Name.'">'.$langs->trans("Convert").' InnoDB</a></td>';
 				}
 				else
 				{
@@ -127,7 +133,12 @@ else
 				print '<td align="right">'.$obj->Index_length.'</td>';
 				print '<td align="right">'.$obj->Auto_increment.'</td>';
 				print '<td align="right">'.$obj->Check_time.'</td>';
-				print '<td align="right">'.$obj->Collation.'</td>';
+				print '<td align="right">'.$obj->Collation;
+				if (isset($obj->Collation) && ($obj->Collation == "utf8mb4_general_ci" || $obj->Collation == "utf8mb4_unicode_ci"))
+				{
+				    print '<br><a class="reposition" href="database-tables.php?action=convertutf8&amp;table='.$obj->Name.'">'.$langs->trans("Convert").' UTF8</a>';
+				}
+				print '</td>';
 				print '</tr>';
 				$i++;
 			}

htdocs/admin/system/filecheck.php

@@ -2,7 +2,7 @@
 /* Copyright (C) 2005-2016  Laurent Destailleur     <eldy@users.sourceforge.net>
  * Copyright (C) 2007       Rodolphe Quiedeville    <rodolphe@quiedeville.org>
  * Copyright (C) 2007-2012  Regis Houssin           <regis.houssin@inodbox.com>
- * Copyright (C) 2015       Frederic France         <frederic.france@free.fr>
+ * Copyright (C) 2015-2019  Frederic France         <frederic.france@netlogic.fr>
  * Copyright (C) 2017       Nicolas ZABOURI         <info@inovea-conseil.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -214,7 +214,7 @@ if (! $error && $xml)
         $includecustom=(empty($xml->dolibarr_htdocs_dir[0]['includecustom'])?0:$xml->dolibarr_htdocs_dir[0]['includecustom']);
 
         // Defined qualified files (must be same than into generate_filelist_xml.php)
-        $regextoinclude='\.(php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$';
+        $regextoinclude='\.(php|php3|php4|php5|phtml|phps|phar|inc|css|scss|html|xml|js|json|tpl|jpg|jpeg|png|gif|ico|sql|lang|txt|yml|md|mp3|mp4|wav|mkv|z|gz|zip|rar|tar|less|svg|eot|woff|woff2|ttf|manifest)$';
         $regextoexclude='('.($includecustom?'':'custom|').'documents|conf|install|public\/test|Shared\/PCLZip|nusoap\/lib\/Mail|php\/example|php\/test|geoip\/sample.*\.php|ckeditor\/samples|ckeditor\/adapters)$';  // Exclude dirs
         $scanfiles = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, $regextoinclude, $regextoexclude);
 

htdocs/admin/tools/dolibarr_export.php

@@ -29,15 +29,15 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 
 $langs->load("admin");
 
-$action=GETPOST('action','alpha');
+$action=GETPOST('action', 'alpha');
 
-$sortfield = GETPOST('sortfield','alpha');
-$sortorder = GETPOST('sortorder','alpha');
-$page = GETPOST('page','int');
+$sortfield = GETPOST('sortfield', 'alpha');
+$sortorder = GETPOST('sortorder', 'alpha');
+$page = GETPOST('page', 'int');
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="date";
 if (empty($page) || $page == -1) { $page = 0; }
-$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
+$limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $offset = $limit * $page;
 
 if (! $user->admin)
@@ -50,10 +50,20 @@ if (! $user->admin)
 
 if ($action == 'delete')
 {
-	$file=$conf->admin->dir_output.'/backup/'.basename(GETPOST('urlfile', 'alpha'));
-    $ret=dol_delete_file($file, 1);
-    if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
-    else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+	if (preg_match('/^backup\//', GETPOST('urlfile', 'alpha')))
+	{
+		$file=$conf->admin->dir_output.'/backup/'.basename(GETPOST('urlfile', 'alpha'));
+		$ret=dol_delete_file($file, 1);
+		if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
+		else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+	}
+	else
+	{
+		$file=$conf->admin->dir_output.'/documents/'.basename(GETPOST('urlfile', 'alpha'));
+		$ret=dol_delete_file($file, 1);
+		if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
+		else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+	}
     $action='';
 }
 
@@ -70,7 +80,7 @@ $type=$db->type;
 //var_dump($db);
 
 $help_url='EN:Backups|FR:Sauvegardes|ES:Copias_de_seguridad';
-llxHeader('','',$help_url);
+llxHeader('', '', $help_url);
 
 ?>
 <script type="text/javascript">
@@ -110,11 +120,11 @@ jQuery(document).ready(function() {
 </script>
 <?php
 
-print load_fiche_titre($langs->trans("Backup"),'','title_setup');
+print load_fiche_titre($langs->trans("Backup"), '', 'title_setup');
 //print_barre_liste($langs->trans("Backup"), '', '', '', '', '', $langs->trans("BackupDesc",DOL_DATA_ROOT), 0, 0, 'title_setup');
 
-print '<div class="center">';
-print $langs->trans("BackupDesc",DOL_DATA_ROOT);
+print '<div class="center opacitymedium">';
+print $langs->trans("BackupDesc", DOL_DATA_ROOT);
 print '</div>';
 print '<br>';
 
@@ -128,7 +138,7 @@ print '<br>';
 <fieldset id="fieldsetexport"><legend class="legendforfieldsetstep" style="font-size: 3em">1</legend>
 
 <?php
-print $langs->trans("BackupDesc3",$dolibarr_main_db_name).'<br>';
+print $langs->trans("BackupDesc3", $dolibarr_main_db_name).'<br>';
 //print $langs->trans("BackupDescY").'<br>';
 print '<br>';
 ?>
@@ -166,7 +176,7 @@ print '<tr '.$bc[false].'><td style="padding-left: 8px">';
 			</div>
 			<?php
 		}
-		else if (in_array($type, array('pgsql')))
+		elseif (in_array($type, array('pgsql')))
 		{
 			?>
 			<div class="formelementrow"><input type="radio" name="what"	value="postgresql" id="radio_dump_postgresql" />
@@ -234,6 +244,14 @@ print '<tr '.$bc[false].'><td style="padding-left: 8px">';
 				<option value="ORACLE">ORACLE</option>
 				<option value="POSTGRESQL">POSTGRESQL</option>
 			</select> <br>
+				<input type="checkbox" name="use_mysql_quick_param" value="yes" id="checkbox_use_quick" />
+				<label for="checkbox_use_quick">
+					<?php echo $form->textwithpicto(
+						$langs->trans('ExportUseMySQLQuickParameter'),
+						$langs->trans('ExportUseMySQLQuickParameterHelp')
+					); ?>
+				</label>
+				<br/>
 			<!-- <input type="checkbox" name="drop_database" value="yes"
 				id="checkbox_drop_database" /> <label for="checkbox_drop_database"><?php echo $langs->trans("AddDropDatabase"); ?></label>
 			-->
@@ -446,8 +464,10 @@ print "\n";
 
 
 <br>
-<div align="center"><input type="submit" class="button"
-	value="<?php echo $langs->trans("GenerateBackup") ?>" id="buttonGo" /><br>
+<div class="center">
+	<input type="submit" class="button reposition" value="<?php echo $langs->trans("GenerateBackup") ?>" id="buttonGo">
+	<input type="hidden" name="page_y" value="<?php echo GETPOST('page_y', 'int'); ?>">
+	<br>
 <br>
 
 <?php
@@ -459,7 +479,7 @@ if (! empty($_SESSION["commandbackuplastdone"]))
 
     //print $paramclear;
 
-    // Now run command and show result
+    // Now show result
     print '<b>'.$langs->trans("BackupResult").':</b> ';
 	print $_SESSION["commandbackupresult"];
 
@@ -469,7 +489,7 @@ if (! empty($_SESSION["commandbackuplastdone"]))
 }
 if (! empty($_SESSION["commandbackuptorun"]))
 {
-	print '<br><font class="warning">'.$langs->trans("YouMustRunCommandFromCommandLineAfterLoginToUser",$dolibarr_main_db_user,$dolibarr_main_db_user).':</font><br>'."\n";
+	print '<br><font class="warning">'.$langs->trans("YouMustRunCommandFromCommandLineAfterLoginToUser", $dolibarr_main_db_user, $dolibarr_main_db_user).':</font><br>'."\n";
 	print '<textarea id="commandbackuptoruntext" rows="'.ROWS_2.'" class="centpercent">'.$_SESSION["commandbackuptorun"].'</textarea><br>'."\n";
 	print ajax_autoselect("commandbackuptoruntext", 0);
 	print '<br>';
@@ -498,8 +518,8 @@ print '</table>';
 <div class="ficheaddleft">
 
 <?php
-$filearray=dol_dir_list($conf->admin->dir_output.'/backup','files',0,'','',$sortfield,(strtolower($sortorder)=='asc'?SORT_ASC:SORT_DESC),1);
-$result=$formfile->list_of_documents($filearray,null,'systemtools','',1,'backup/',1,0,$langs->trans("NoBackupFileAvailable"),0,$langs->trans("PreviousDumpFiles"));
+$filearray=dol_dir_list($conf->admin->dir_output.'/backup', 'files', 0, '', '', $sortfield, (strtolower($sortorder)=='asc'?SORT_ASC:SORT_DESC), 1);
+$result=$formfile->list_of_documents($filearray, null, 'systemtools', '', 1, 'backup/', 1, 0, $langs->trans("NoBackupFileAvailable"), 0, $langs->trans("PreviousDumpFiles"));
 print '<br>';
 ?>
 
@@ -519,7 +539,7 @@ print '<br>';
 <fieldset><legend class="legendforfieldsetstep" style="font-size: 3em">2</legend>
 
 <?php
-print $langs->trans("BackupDesc2",DOL_DATA_ROOT).'<br>';
+print $langs->trans("BackupDesc2", DOL_DATA_ROOT).'<br>';
 print $langs->trans("BackupDescX").'<br><br>';
 
 ?>
@@ -575,7 +595,7 @@ print "\n";
 
 ?>
 <br>
-<div align="center"><input type="submit" class="button"
+<div class="center"><input type="submit" class="button reposition"
 	value="<?php echo $langs->trans("GenerateBackup") ?>" id="buttonGo" /><br>
 <br>
 </div>
@@ -586,8 +606,8 @@ print "\n";
 <div class="ficheaddleft">
 
 <?php
-$filearray=dol_dir_list($conf->admin->dir_output.'/documents','files',0,'','',$sortfield,(strtolower($sortorder)=='asc'?SORT_ASC:SORT_DESC),1);
-$result=$formfile->list_of_documents($filearray,null,'systemtools','',1,'documents/',1,0,$langs->trans("NoBackupFileAvailable"),0,$langs->trans("PreviousDumpFiles"));
+$filearray=dol_dir_list($conf->admin->dir_output.'/documents', 'files', 0, '', '', $sortfield, (strtolower($sortorder)=='asc'?SORT_ASC:SORT_DESC), 1);
+$result=$formfile->list_of_documents($filearray, null, 'systemtools', '', 1, 'documents/', 1, 0, $langs->trans("NoBackupFileAvailable"), 0, $langs->trans("PreviousDumpFiles"));
 print '<br>';
 ?>
 
@@ -598,9 +618,6 @@ print '<br>';
 </fieldset>
 </form>
 
-
-
-
 <?php
 
 // End of page

htdocs/admin/tools/export_files.php

@@ -30,20 +30,22 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 
 $langs->load("admin");
 
-$action=GETPOST('action','alpha');
-$what=GETPOST('what','alpha');
-$export_type=GETPOST('export_type','alpha');
-$file=GETPOST('zipfilename_template','alpha');
+$action=GETPOST('action', 'alpha');
+$what=GETPOST('what', 'alpha');
+$export_type=GETPOST('export_type', 'alpha');
+$file=GETPOST('zipfilename_template', 'alpha');
 $compression = GETPOST('compression');
 
-$sortfield = GETPOST('sortfield','alpha');
-$sortorder = GETPOST('sortorder','alpha');
-$page = GETPOST("page",'int');
+$file = dol_sanitizeFileName($file);
+
+$sortfield = GETPOST('sortfield', 'alpha');
+$sortorder = GETPOST('sortorder', 'alpha');
+$page = GETPOST("page", 'int');
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="date";
 if ($page < 0) { $page = 0; }
 elseif (empty($page)) $page = 0;
-$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
+$limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $offset = $limit * $page;
 
 if (! $user->admin) accessforbidden();
@@ -57,10 +59,11 @@ $errormsg='';
 
 if ($action == 'delete')
 {
-	$file=$conf->admin->dir_output.'/'.GETPOST('urlfile');
-	$ret=dol_delete_file($file, 1);
-	if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
-	else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+    $filerelative = dol_sanitizeFileName(GETPOST('urlfile', 'alpha'));
+    $filepath=$conf->admin->dir_output.'/'.$filerelative;
+	$ret=dol_delete_file($filepath, 1);
+	if ($ret) setEventMessages($langs->trans("FileWasRemoved", $filerelative), null, 'mesgs');
+	else setEventMessages($langs->trans("ErrorFailToDeleteFile", $filerelative), null, 'errors');
 	$action='';
 }
 
@@ -109,21 +112,27 @@ $utils = new Utils($db);
 
 if ($compression == 'zip')
 {
-    $ret = dol_compress_dir(DOL_DATA_ROOT, $outputdir."/".$file, $compression);
+    $ret = dol_compress_dir(DOL_DATA_ROOT, $outputdir."/".$file, $compression, '/(\.log|\/temp\/|documents\/admin\/documents\/)/');
     if ($ret < 0)
     {
-        $errormsg = $langs->trans("ErrorFailedToWriteInDir",$outputfile);
+    	$errormsg = $langs->trans("ErrorFailedToWriteInDir", $outputdir);
     }
 }
 elseif (in_array($compression, array('gz', 'bz')))
 {
-    $file = substr($file, 0, strrpos($file, '.'));
+	$userlogin = ($user->login ? $user->login : 'unknown');
+
+	$outputfile = $conf->admin->dir_temp.'/export_files.'.$userlogin.'.out';	// File used with popen method
+
+	$file = substr($file, 0, strrpos($file, '.'));
     $file .= '.tar';
-    $cmd = 'tar -cf '.$outputdir."/".$file." --exclude=documents/admin/documents -C ".DOL_DATA_ROOT." ".DOL_DATA_ROOT."/../documents/";
-    exec($cmd, $out, $retval);
-    //var_dump($cmd, DOL_DATA_ROOT);exit;
-    
-    if ($retval != 0)
+    // We also exclude '/temp/' dir and 'documents/admin/documents'
+    $cmd = "tar -cf ".$outputdir."/".$file." --exclude-vcs --exclude 'temp' --exclude 'dolibarr.log' --exclude='documents/admin/documents' -C ".dirname(DOL_DATA_ROOT)." ".basename(DOL_DATA_ROOT);
+
+    $result = $utils->executeCLI($cmd, $outputfile);
+
+    $retval = $result['error'];
+    if ($result['result'] || ! empty($retval))
     {
         $langs->load("errors");
         dol_syslog("Documents tar retval after exec=".$retval, LOG_ERR);
@@ -133,15 +142,17 @@ elseif (in_array($compression, array('gz', 'bz')))
     {
         if ($compression == 'gz')
         {
-            $cmd = "gzip " . $outputdir."/".$file;
+            $cmd = "gzip -f " . $outputdir."/".$file;
         }
         if ($compression == 'bz')
         {
-            $cmd = "bzip2 " . $outputdir."/".$file;
+            $cmd = "bzip2 -f " . $outputdir."/".$file;
         }
-        
-        exec($cmd, $out, $retval);
-        if ($retval != 0)
+
+        $result = $utils->executeCLI($cmd, $outputfile);
+
+        $retval = $result['error'];
+        if ($result['result'] || ! empty($retval))
         {
             $errormsg = 'Error '.$compression.' generation return '.$retval;
             unlink($outputdir."/".$file);
@@ -163,4 +174,3 @@ header("Location: dolibarr_export.php");
 $time_end = time();
 
 $db->close();
-

htdocs/admin/tools/purge.php

@@ -48,6 +48,17 @@ if (! empty($conf->syslog->enabled))
  */
 if ($action=='purge' && ! preg_match('/^confirm/i',$choice) && ($choice != 'allfiles' || $confirm == 'yes') )
 {
+    // Increase limit of time. Works only if we are not in safe mode
+    $ExecTimeLimit=600;
+    if (!empty($ExecTimeLimit))
+    {
+        $err=error_reporting();
+        error_reporting(0);     // Disable all errors
+        //error_reporting(E_ALL);
+        @set_time_limit($ExecTimeLimit);   // Need more than 240 on Windows 7/64
+        error_reporting($err);
+    }
+
 	require_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
 	$utils = new Utils($db);
 	$result = $utils->purgeFiles($choice);

htdocs/api/class/api_setup.class.php

@@ -953,7 +953,7 @@ class Setup extends DolibarrApi
     			$includecustom=(empty($xml->dolibarr_htdocs_dir[0]['includecustom'])?0:$xml->dolibarr_htdocs_dir[0]['includecustom']);
 
     			// Defined qualified files (must be same than into generate_filelist_xml.php)
-    			$regextoinclude='\.(php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$';
+    			$regextoinclude='\.(php|php3|php4|php5|phtml|phps|phar|inc|css|scss|html|xml|js|json|tpl|jpg|jpeg|png|gif|ico|sql|lang|txt|yml|bak|md|mp3|mp4|wav|mkv|z|gz|zip|rar|tar|less|svg|eot|woff|woff2|ttf|manifest)$';
     			$regextoexclude='('.($includecustom?'':'custom|').'documents|conf|install|public\/test|Shared\/PCLZip|nusoap\/lib\/Mail|php\/example|php\/test|geoip\/sample.*\.php|ckeditor\/samples|ckeditor\/adapters)$';  // Exclude dirs
     			$scanfiles = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, $regextoinclude, $regextoexclude);
 

htdocs/api/index.php

@@ -88,18 +88,21 @@ if (preg_match('/api\/index\.php\/explorer/', $_SERVER["PHP_SELF"]) && ! empty($
 // index.php/xxx                                called by any REST client to run API
 
 
+$reg=array();
 preg_match('/index\.php\/([^\/]+)(.*)$/', $_SERVER["PHP_SELF"], $reg);
 // .../index.php/categories?sortfield=t.rowid&sortorder=ASC
 
 
-// Set the flag to say to refresh (when we reload the explorer, production must be for API call only)
-$refreshcache=false;
+// When in production mode, a file api/temp/routes.php is created with the API available of current call.
+// But, if we set $refreshcache to false, so it may have only one API in the routes.php file if we make a call for one API without
+// using the explorer. And when we make another call for another API, the API is not into the api/temp/routes.php and a 404 is returned.
+// So we force refresh to each call.
+$refreshcache=(empty($conf->global->API_PRODUCTION_DO_NOT_ALWAYS_REFRESH_CACHE) ? true : false);
 if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root'))
 {
     $refreshcache=true;
 }
 
-
 $api = new DolibarrApi($db, '', $refreshcache);
 //var_dump($api->r->apiVersionMap);
 
@@ -115,7 +118,7 @@ UploadFormat::$allowedMimeTypes = array('image/jpeg', 'image/png', 'text/plain',
 
 
 
-// Call Explorer file for all APIs definitions
+// Call Explorer file for all APIs definitions (this part is slow)
 if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root'))
 {
     // Scan all API files to load them
@@ -253,5 +256,6 @@ if (! empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' &&
 //var_dump($api->r->apiVersionMap);
 //exit;
 
-// Call API (we suppose we found it)
+// Call API (we suppose we found it).
+// The handle will use the file api/temp/routes.php to get data to run the API. If the file exists and the entry for API is not found, it will return 404.
 $api->r->handle();

htdocs/bookmarks/bookmarks.lib.php

@@ -61,7 +61,7 @@ function printBookmarksList($aDb, $aLangs)
 		    {
 	    	    foreach($_POST as $key => $val)
 	    	    {
-	                if (preg_match('/^search_/', $key) && $val != '') $tmpurl.=($tmpurl?'&':'').$key.'='.$val;
+	                if ((preg_match('/^search_/', $key) || in_array($key, array('viewstatut')) ) && $val != '') $tmpurl.=($tmpurl?'&':'').$key.'='.$val;
 	    	    }
 		    }
 		    $url.=($tmpurl?'?'.$tmpurl:'');
@@ -72,6 +72,7 @@ function printBookmarksList($aDb, $aLangs)
 
 		$ret.= '<!-- form with POST method by default, will be replaced with GET for external link by js -->'."\n";
 		$ret.= '<form id="actionbookmark" name="actionbookmark" method="POST" action="">';
+        $ret.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 		$ret.= '<select name="bookmark" id="boxbookmark" class="flat boxcombo vmenusearchselectcombo" alt="Bookmarks">';
 		$ret.= '<option hidden value="listbookmarks" class="optiongrey" selected rel="'.DOL_URL_ROOT.'/bookmarks/list.php">'.$langs->trans('Bookmarks').'</option>';
 	    $ret.= '<option value="listbookmark" class="optionblue" rel="'.dol_escape_htmltag(DOL_URL_ROOT.'/bookmarks/list.php').'" ';

htdocs/cashdesk/facturation_verif.php

@@ -49,11 +49,11 @@ switch($action)
 			// Recuperation des donnees en fonction de la source (liste deroulante ou champ texte) ...
 			if ( $_POST['hdnSource'] == 'LISTE' )
 			{
-				$sql.= " AND p.rowid = ".$_POST['selProduit'];
+				$sql.= " AND p.rowid = ".((int) GETPOST('selProduit', 'int'));
 			}
 			else if ( $_POST['hdnSource'] == 'REF' )
 			{
-				$sql.= " AND p.ref = '".$_POST['txtRef']."'";
+				$sql.= " AND p.ref = '".$db->escape(GETPOST('txtRef', 'alpha'))."'";
 			}
 
 			$result = $db->query($sql);

htdocs/categories/class/categorie.class.php

@@ -917,7 +917,8 @@ class Categorie extends CommonObject
 	{
         // phpcs:enable
 		$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie";
-		$sql.= " WHERE fk_parent = ".$this->id;
+		$sql .= " WHERE fk_parent = ".$this->id;
+		$sql .= " AND entity IN (".getEntity('category').")";
 
 		$res  = $this->db->query($sql);
 		if ($res)

htdocs/categories/index.php

@@ -65,9 +65,12 @@ $arrayofcss=array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css')
 
 llxHeader('',$title,'','',0,0,$arrayofjs,$arrayofcss);
 
-$newcardbutton = '<a class="butActionNew" href="'.DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type).'"><span class="valignmiddle">'.$langs->trans("NewCategory").'</span>';
-$newcardbutton.= '<span class="fa fa-plus-circle valignmiddle"></span>';
-$newcardbutton.= '</a>';
+$newcardbutton='';
+if (! empty($user->rights->categorie->creer)) {
+    $newcardbutton = '<a class="butActionNew" href="'.DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type).'"><span class="valignmiddle">'.$langs->trans("NewCategory").'</span>';
+    $newcardbutton.= '<span class="fa fa-plus-circle valignmiddle"></span>';
+    $newcardbutton.= '</a>';
+}
 
 print load_fiche_titre($title, $newcardbutton);
 

htdocs/comm/action/card.php

@@ -7,7 +7,8 @@
  * Copyright (C) 2013      Florian Henry        <florian.henry@open-concept.pro>
  * Copyright (C) 2014      Cedric GROSS         <c.gross@kreiz-it.fr>
  * Copyright (C) 2015       Alexandre Spangaro      <aspangaro.dolibarr@gmail.com>
- * Copyright (C) 2018       Frédéric France         <frederic.france@netlogic.fr>
+ * Copyright (C) 2018-2019  Frédéric France         <frederic.france@netlogic.fr>
+ * Copyright (C) 2019	   Ferran Marcet	    <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -248,7 +249,10 @@ if ($action == 'add')
 				{
 					$object->label = $langs->transnoentitiesnoconv("Action".$object->type_code)."\n";
 				}
-				else $object->label = $cactioncomm->libelle;
+				else {
+					$cactioncomm->fetch($object->type_code);
+					$object->label = $cactioncomm->label;
+				}
 			}
 		}
 		$object->fk_project = isset($_POST["projectid"])?$_POST["projectid"]:0;
@@ -268,7 +272,7 @@ if ($action == 'add')
 		$object->datep = $datep;
 		$object->datef = $datef;
 		$object->percentage = $percentage;
-		$object->duree=((float) (GETPOST('dureehour') * 60) + (float) GETPOST('dureemin')) * 60;
+		$object->duree=(((int) GETPOST('dureehour') * 60) + (int) GETPOST('dureemin')) * 60;
 
 		$transparency=(GETPOST("transparency")=='on'?1:0);
 

htdocs/comm/action/class/actioncomm.class.php

@@ -572,6 +572,7 @@ class ActionComm extends CommonObject
 
         $sql = "SELECT a.id,";
         $sql.= " a.id as ref,";
+		$sql.= " a.entity,";
         $sql.= " a.ref_ext,";
         $sql.= " a.datep,";
         $sql.= " a.datep2,";
@@ -608,6 +609,7 @@ class ActionComm extends CommonObject
                 $obj = $this->db->fetch_object($resql);
 
                 $this->id         = $obj->id;
+				$this->entity     = $obj->entity;
                 $this->ref        = $obj->ref;
                 $this->ref_ext    = $obj->ref_ext;
 
@@ -774,7 +776,7 @@ class ActionComm extends CommonObject
 
         dol_syslog(get_class($this)."::delete", LOG_DEBUG);
         $res=$this->db->query($sql);
-        if ($res < 0) {
+        if (!$res) {
         	$this->error=$this->db->lasterror();
         	$error++;
         }
@@ -785,7 +787,7 @@ class ActionComm extends CommonObject
 
 	        dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 	        $res=$this->db->query($sql);
-	        if ($res < 0) {
+	        if (!$res) {
 	        	$this->error=$this->db->lasterror();
 	        	$error++;
 	        }
@@ -1262,10 +1264,12 @@ class ActionComm extends CommonObject
 
 		if (! empty($conf->dol_no_mouse_hover)) $notooltip=1;   // Force disable tooltips
 
-                if ((!$user->rights->agenda->allactions->read && $this->author->id != $user->id) || (!$user->rights->agenda->myactions->read && $this->author->id == $user->id))
-                    $option = 'nolink';
+		if ((!$user->rights->agenda->allactions->read && $this->authorid != $user->id) || (!$user->rights->agenda->myactions->read && $this->authorid == $user->id))
+		{
+            $option = 'nolink';
+		}
 
-                $label = $this->label;
+        $label = $this->label;
 		if (empty($label)) $label=$this->libelle;   // For backward compatibility
 
 		$result='';

htdocs/comm/action/list.php

@@ -43,7 +43,7 @@ $action=GETPOST('action','alpha');
 $contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'actioncommlist';   // To manage different context of search
 $resourceid=GETPOST("search_resourceid","int")?GETPOST("search_resourceid","int"):GETPOST("resourceid","int");
 $pid=GETPOST("search_projectid",'int',3)?GETPOST("search_projectid",'int',3):GETPOST("projectid",'int',3);
-$status=GETPOST("search_status",'alpha')?GETPOST("search_status",'alpha'):GETPOST("status",'alpha');
+$status=(GETPOST("search_status",'alpha') != '')?GETPOST("search_status",'alpha'):GETPOST("status",'alpha');
 $type=GETPOST('search_type','alphanohtml')?GETPOST('search_type','alphanohtml'):GETPOST('type','alphanohtml');
 $optioncss = GETPOST('optioncss','alpha');
 $year=GETPOST("year",'int');
@@ -92,7 +92,7 @@ $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
 $page = GETPOST("page",'int');
-if ($page == -1 || $page == null) { $page = 0 ; }
+if (empty($page) || $page == -1) { $page = 0 ; }
 $offset = $limit * $page ;
 if (! $sortorder)
 {
@@ -524,6 +524,7 @@ if ($resql)
 	require_once DOL_DOCUMENT_ROOT.'/comm/action/class/cactioncomm.class.php';
 	$caction=new CActionComm($db);
 	$arraylist=$caction->liste_array(1, 'code', '', (empty($conf->global->AGENDA_USE_EVENT_TYPE)?1:0), '', 1);
+    $contactListCache = array();
 
 	while ($i < min($num,$limit))
 	{
@@ -634,7 +635,34 @@ if ($resql)
 		// Contact
 		if (! empty($arrayfields['a.fk_contact']['checked'])) {
 			print '<td>';
-			if ($obj->fk_contact > 0)
+
+
+            $actionstatic->fetchResources();
+            if(!empty($actionstatic->socpeopleassigned))
+            {
+                $contactList = array();
+                foreach ($actionstatic->socpeopleassigned as $socpeopleId => $socpeopleassigned)
+                {
+                    if(!isset($contactListCache[$socpeopleassigned['id']]))
+                    {
+                        // if no cache found we fetch it
+                        $contact = new Contact($db);
+                        if($contact->fetch($socpeopleassigned['id'])>0)
+                        {
+                            $contactListCache[$socpeopleassigned['id']] = $contact->getNomUrl(1,'',28);
+                            $contactList[] = $contact->getNomUrl(1,'',28);
+                        }
+                    }
+                    else{
+                        // use cache
+                        $contactList[] = $contactListCache[$socpeopleassigned['id']];
+                    }
+                }
+                if(!empty($contactList)){
+                    print implode(', ', $contactList);
+                }
+            }
+            elseif ($obj->fk_contact > 0) //keep for retrocompatibility with faraway event
 			{
 				$contactstatic->id=$obj->fk_contact;
 				$contactstatic->email=$obj->email;

htdocs/comm/action/peruser.php

@@ -1189,32 +1189,32 @@ function show_day_events2($username, $day, $month, $year, $monthshown, $style, &
 		}
 
 		$ids1='';$ids2='';
-		if (count($cases1[$h]) && array_keys($cases1[$h])) $ids1=join(',',array_keys($cases1[$h]));
-		if (count($cases2[$h]) && array_keys($cases2[$h])) $ids2=join(',',array_keys($cases2[$h]));
+		if (is_array($cases1[$h]) && count($cases1[$h]) && array_keys($cases1[$h])) $ids1=join(',',array_keys($cases1[$h]));
+		if (is_array($cases2[$h]) && count($cases2[$h]) && array_keys($cases2[$h])) $ids2=join(',',array_keys($cases2[$h]));
 
 		if ($h == $begin_h) echo '<td class="'.$style.'_peruserleft cal_peruser'.($var?' cal_impair '.$style.'_impair':'').'">';
 		else echo '<td class="'.$style.' cal_peruser'.($var?' cal_impair '.$style.'_impair':'').'">';
-		if (count($cases1[$h]) == 1)	// only 1 event
+		if (is_array($cases1[$h]) && count($cases1[$h]) == 1)	// only 1 event
 		{
 			$output = array_slice($cases1[$h], 0, 1);
 			$title1=$langs->trans("Ref").' '.$ids1.($title1?' - '.$title1:'');
 			if ($output[0]['string']) $title1.=($title1?' - ':'').$output[0]['string'];
 			if ($output[0]['color']) $color1 = $output[0]['color'];
 		}
-		else if (count($cases1[$h]) > 1)
+		else if (is_array($cases1[$h]) && count($cases1[$h]) > 1)
 		{
 			$title1=$langs->trans("Ref").' '.$ids1.($title1?' - '.$title1:'');
 			$color1='222222';
 		}
 
-		if (count($cases2[$h]) == 1)	// only 1 event
+		if (is_array($cases2[$h]) && count($cases2[$h]) == 1)	// only 1 event
 		{
 			$output = array_slice($cases2[$h], 0, 1);
 			$title2=$langs->trans("Ref").' '.$ids2.($title2?' - '.$title2:'');
 			if ($output[0]['string']) $title2.=($title2?' - ':'').$output[0]['string'];
 			if ($output[0]['color']) $color2 = $output[0]['color'];
 		}
-		else if (count($cases2[$h]) > 1)
+		else if (is_array($cases2[$h]) && count($cases2[$h]) > 1)
 		{
 			$title2=$langs->trans("Ref").' '.$ids2.($title2?' - '.$title2:'');
 			$color2='222222';

htdocs/comm/action/rapport/index.php

@@ -42,7 +42,7 @@ $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
 $page = GETPOST("page",'int');
-if ($page == -1 || $page == null) { $page = 0 ; }
+if (empty($page) || $page == -1) { $page = 0 ; }
 $offset = $limit * $page ;
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="a.datep";

htdocs/comm/card.php

@@ -477,7 +477,7 @@ if ($object->id > 0)
         print '</td><td>';
         if ($action == 'editshipping')
         {
-            $form->formSelectShippingMethod($_SERVER['PHP_SELF'].'?socid='.$object->id,$object->shipping_method_id,'shipping_method_id');
+            $form->formSelectShippingMethod($_SERVER['PHP_SELF'].'?socid='.$object->id,$object->shipping_method_id,'shipping_method_id', 1);
         }
         else
         {

htdocs/comm/mailing/card.php

@@ -471,13 +471,13 @@ if (empty($reshook))
 			if ($result)
 			{
 				setEventMessages($langs->trans("MailSuccessfulySent",$mailfile->getValidAddress($object->email_from,2),$mailfile->getValidAddress($object->sendto,2)), null, 'mesgs');
+				$action = '';
 			}
 			else
 			{
 				setEventMessages($langs->trans("ResultKo").'<br>'.$mailfile->error.' '.$result, null, 'errors');
+				$action = 'test';
 			}
-
-			$action='';
 		}
 	}
 
@@ -835,7 +835,7 @@ else
 				{
 					// EMailing feature may be a spam problem, so when you host several users/instance, having this option may force each user to use their own SMTP agent.
 					// You ensure that every user is using its own SMTP server when using the mass emailing module.
-					$linktoadminemailbefore='<a href="'.DOL_URL_ROOT.'/admin/mails.php">';
+					$linktoadminemailbefore='<a href="'.DOL_URL_ROOT.'/admin/mails_emailing.php">';
 					$linktoadminemailend='</a>';
 					setEventMessages($langs->trans("MailSendSetupIs", $listofmethods[$sendingmode]), null, 'warnings');
 					setEventMessages($langs->trans("MailSendSetupIs2", $linktoadminemailbefore, $linktoadminemailend, $langs->transnoentitiesnoconv("MAIN_MAIL_SENDMODE"), $listofmethods['smtps']), null, 'warnings');
@@ -870,7 +870,7 @@ else
                     }
 				    $text.=$langs->trans('ConfirmSendingEmailing').'<br>';
 					$text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
-					print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id,$langs->trans('SendMailing'),$text,'sendallconfirmed',$formquestion,'',1,300);
+					print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id, $langs->trans('SendMailing'), $text, 'sendallconfirmed', $formquestion, '', 1, 330, 600);
 				}
 			}
 

htdocs/comm/mailing/class/mailing.class.php

@@ -548,7 +548,7 @@ class Mailing extends CommonObject
 		$result = '';
 		$companylink = '';
 
-		$label = '<u>' . $langs->trans("ShowEmailing") . '</u>';
+		$label = '<u>' . $langs->trans("ShowEMailing") . '</u>';
 		$label.= '<br>';
 		$label.= '<b>' . $langs->trans('Ref') . ':</b> ' . $this->ref;
 
@@ -567,7 +567,7 @@ class Mailing extends CommonObject
 		{
 			if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
 			{
-				$label=$langs->trans("ShowEmailing");
+				$label=$langs->trans("ShowEMailing");
 				$linkclose.=' alt="'.dol_escape_htmltag($label, 1).'"';
 			}
 			$linkclose.=' title="'.dol_escape_htmltag($label, 1).'"';

htdocs/comm/propal/card.php

@@ -321,7 +321,7 @@ if (empty($reshook))
 
 		$datep = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
 		$date_delivery = dol_mktime(12, 0, 0, GETPOST('date_livraisonmonth'), GETPOST('date_livraisonday'), GETPOST('date_livraisonyear'));
-		$duration = GETPOST('duree_validite');
+		$duration = GETPOST('duree_validite', 'int');
 
 		if (empty($datep)) {
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Date")), null, 'errors');
@@ -1544,7 +1544,7 @@ if ($action == 'create')
 	print '</td></tr>';
 
 	// Validaty duration
-	print '<tr><td class="fieldrequired">' . $langs->trans("ValidityDuration") . '</td><td><input name="duree_validite" size="5" value="' . $conf->global->PROPALE_VALIDITY_DURATION . '"> ' . $langs->trans("days") . '</td></tr>';
+	print '<tr><td class="fieldrequired">' . $langs->trans("ValidityDuration") . '</td><td><input name="duree_validite" class="width50" value="' . (GETPOST('duree_validite', 'int') ? GETPOST('duree_validite', 'int') : $conf->global->PROPALE_VALIDITY_DURATION) . '"> ' . $langs->trans("days") . '</td></tr>';
 
 	// Terms of payment
 	print '<tr><td class="nowrap fieldrequired">' . $langs->trans('PaymentConditionsShort') . '</td><td>';

htdocs/comm/propal/class/propal.class.php

@@ -1316,9 +1316,9 @@ class Propal extends CommonObject
 			// Hook of thirdparty module
 			if (is_object($hookmanager))
 			{
-				$parameters=array('objFrom'=>$this,'clonedObj'=>$clonedObj);
+				$parameters=array('objFrom'=>$this,'clonedObj'=>$object);
 				$action='';
-				$reshook=$hookmanager->executeHooks('createFrom',$parameters,$clonedObj,$action);    // Note that $action and $object may have been modified by some hooks
+				$reshook=$hookmanager->executeHooks('createFrom',$parameters,$object,$action);    // Note that $action and $object may have been modified by some hooks
 				if ($reshook < 0) $error++;
 			}
 		}

htdocs/comm/propal/list.php

@@ -265,13 +265,12 @@ $sql.= " ava.rowid as availability,";
 $sql.= " state.code_departement as state_code, state.nom as state_name,";
 $sql.= ' p.rowid, p.entity, p.note_private, p.total_ht, p.tva as total_vat, p.total as total_ttc, p.localtax1, p.localtax2, p.ref, p.ref_client, p.fk_statut, p.fk_user_author, p.datep as dp, p.fin_validite as dfv,p.date_livraison as ddelivery,';
 $sql.= ' p.datec as date_creation, p.tms as date_update,';
-$sql.= " pr.rowid as project_id, pr.ref as project_ref,";
-if (! $user->rights->societe->client->voir && ! $socid) $sql .= " sc.fk_soc, sc.fk_user,";
+$sql.= " pr.rowid as project_id, pr.ref as project_ref, pr.title as project_label,";
 $sql.= ' u.login';
+if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user";
 if ($search_categ_cus) $sql .= ", cc.fk_categorie, cc.fk_soc";
-
 // Add fields from extrafields
-foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
+foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
 // Add fields from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters);    // Note that $action and $object may have been modified by hook
@@ -760,6 +759,12 @@ if ($resql)
 		$objectstatic->id=$obj->rowid;
 		$objectstatic->ref=$obj->ref;
 
+		$companystatic->id=$obj->socid;
+		$companystatic->name=$obj->name;
+		$companystatic->client=$obj->client;
+		$companystatic->code_client=$obj->code_client;
+		$companystatic->email=$obj->email;
+
 		print '<tr class="oddeven">';
 
 		if (! empty($arrayfields['p.ref']['checked']))
@@ -812,20 +817,16 @@ if ($resql)
 		{
     		// Project ref
     		print '<td class="nocellnopadd nowrap">';
-    		if ($obj->project_id) {
-				$projectstatic->fetch($obj->project_id);
+    		if ($obj->project_id > 0) {
+    		    $projectstatic->id=$obj->project_id;
+    		    $projectstatic->ref=$obj->project_ref;
+    		    $projectstatic->title=$obj->project_label;
 				print $projectstatic->getNomUrl(1);
 			}
     		print '</td>';
     		if (! $i) $totalarray['nbfield']++;
 		}
 
-		$companystatic->id=$obj->socid;
-		$companystatic->name=$obj->name;
-		$companystatic->client=$obj->client;
-		$companystatic->code_client=$obj->code_client;
-		$companystatic->email=$obj->email;
-
 		// Thirdparty
 		if (! empty($arrayfields['s.nom']['checked']))
 		{
@@ -971,9 +972,7 @@ if ($resql)
 				$nbofsalesrepresentative=count($listsalesrepresentatives);
 				if ($nbofsalesrepresentative > 3)   // We print only number
 				{
-					print '<a href="'.DOL_URL_ROOT.'/societe/commerciaux.php?socid='.$companystatic->id.'">';
 					print $nbofsalesrepresentative;
-					print '</a>';
 				}
 				else if ($nbofsalesrepresentative > 0)
 				{

htdocs/comm/remx.php

@@ -61,8 +61,10 @@ if ($action == 'confirm_split' && GETPOST("confirm") == 'yes')
 	//if ($user->rights->societe->creer)
 	//if ($user->rights->facture->creer)
 
-	$amount_ttc_1=GETPOST('amount_ttc_1');
-	$amount_ttc_2=GETPOST('amount_ttc_2');
+	$amount_ttc_1 = GETPOST('amount_ttc_1');
+	$amount_ttc_1 = price2num($amount_ttc_1);
+	$amount_ttc_2 = GETPOST('amount_ttc_2');
+	$amount_ttc_2 = price2num($amount_ttc_2);
 
 	$error=0;
 	$remid=GETPOST("remid")?GETPOST("remid"):0;
@@ -119,7 +121,7 @@ if ($action == 'confirm_split' && GETPOST("confirm") == 'yes')
 		$newdiscount2->datec=$discount->datec;
 		$newdiscount1->tva_tx=$discount->tva_tx;
 		$newdiscount2->tva_tx=$discount->tva_tx;
-		$newdiscount1->amount_ttc=$_POST["amount_ttc_1"];
+		$newdiscount1->amount_ttc=$amount_ttc_1;
 		$newdiscount2->amount_ttc=price2num($discount->amount_ttc-$newdiscount1->amount_ttc);
 		$newdiscount1->amount_ht=price2num($newdiscount1->amount_ttc/(1+$newdiscount1->tva_tx/100),'MT');
 		$newdiscount2->amount_ht=price2num($newdiscount2->amount_ttc/(1+$newdiscount2->tva_tx/100),'MT');

htdocs/commande/card.php

@@ -1436,11 +1436,11 @@ if ($action == 'create' && $user->rights->commande->creer)
 			if ($element == 'order' || $element == 'commande') {
 				$element = $subelement = 'commande';
 			}
-			if ($element == 'propal') {
+			elseif ($element == 'propal') {
 				$element = 'comm/propal';
 				$subelement = 'propal';
 			}
-			if ($element == 'contract') {
+			elseif ($element == 'contract') {
 				$element = $subelement = 'contrat';
 			}
 

htdocs/commande/list.php

@@ -243,11 +243,10 @@ $sql.= " state.code_departement as state_code, state.nom as state_name,";
 $sql.= ' c.rowid, c.ref, c.total_ht, c.tva as total_tva, c.total_ttc, c.ref_client,';
 $sql.= ' c.date_valid, c.date_commande, c.note_private, c.date_livraison as date_delivery, c.fk_statut, c.facture as billed,';
 $sql.= ' c.date_creation as date_creation, c.tms as date_update,';
-$sql.= " p.rowid as project_id, p.ref as project_ref";
+$sql.= " p.rowid as project_id, p.ref as project_ref, p.title as project_label";
 if ($search_categ_cus) $sql .= ", cc.fk_categorie, cc.fk_soc";
-
 // Add fields from extrafields
-foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
+foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
 // Add fields from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters);    // Note that $action and $object may have been modified by hook
@@ -957,10 +956,14 @@ if ($resql)
 		// Project
 		if (! empty($arrayfields['p.project_ref']['checked']))
 		{
-			$projectstatic->id=$obj->project_id;
-			$projectstatic->ref=$obj->project_ref;
-			print '<td>';
-			if ($obj->project_id > 0) print $projectstatic->getNomUrl(1);
+			print '<td class="nocellnopadd nowrap">';
+			if ($obj->project_id > 0)
+			{
+			    $projectstatic->id=$obj->project_id;
+			    $projectstatic->ref=$obj->project_ref;
+			    $projectstatic->title=$obj->project_label;
+			    print $projectstatic->getNomUrl(1);
+			}
 			print '</td>';
 			if (! $i) $totalarray['nbfield']++;
 		}

htdocs/compta/bank/treso.php

@@ -303,7 +303,7 @@ if ($_REQUEST["account"] || $_REQUEST["ref"])
 	$reshook = $hookmanager->executeHooks('printObjectLine', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
 	if(empty($reshook)){
 		print $hookmanager->resPrint;
-    $solde = isset($hookmanager->resArray['solde']) ? $hookmanager->resArray['solde'] : $solde;
+        $solde = isset($hookmanager->resArray['solde']) ? $hookmanager->resArray['solde'] : $solde;
 	}
 
 	// solde

htdocs/compta/charges/index.php

@@ -183,7 +183,7 @@ if (! empty($conf->tax->enabled) && $user->rights->tax->charges->lire)
 			print $socialcontrib->getNomUrl(1,'20');
 			print '</td>';
 			// Type
-			print '<td><a href="../sociales/index.php?filtre=cs.fk_type:'.$obj->type.'">'.$obj->lib.'</a></td>';
+			print '<td><a href="../sociales/list.php?filtre=cs.fk_type:'.$obj->type.'">'.$obj->lib.'</a></td>';
 			// Expected to pay
 			print '<td align="right">'.price($obj->total).'</td>';
 			// Ref payment

htdocs/compta/compta-files.php

@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2018 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2019 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2017      Pierre-Henry Favre   <support@atm-consulting.fr>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 /**
- *  \file       htdocs/compta/compta-files.php
+ *  \file       htdocs/compta/accounting-files.php
  *  \ingroup    compta
  *  \brief      Page to show portoflio and files of a thirdparty and download it
  */
@@ -25,15 +25,14 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
-require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
-require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
-require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
+require_once DOL_DOCUMENT_ROOT.'/compta/salaries/class/paymentsalary.class.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
-require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
 require_once DOL_DOCUMENT_ROOT.'/don/class/don.class.php';
+require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
+require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
 
-$langs->loadLangs(array("accountancy","bills"));
+$langs->loadLangs(array("accountancy", "bills", "companies", "salaries"));
 
 $date_start =GETPOST('date_start', 'alpha');
 $date_startDay= GETPOST('date_startday', 'int');
@@ -45,7 +44,7 @@ $date_stopDay= GETPOST('date_stopday', 'int');
 $date_stopMonth= GETPOST('date_stopmonth', 'int');
 $date_stopYear= GETPOST('date_stopyear', 'int');
 //FIXME doldate
-$date_stop=($date_stopDay)?dol_mktime(0, 0, 0, $date_stopMonth, $date_stopDay, $date_stopYear):strtotime($date_stop);
+$date_stop=($date_stopDay)?dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear):strtotime($date_stop);
 $action =GETPOST('action', 'alpha');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
@@ -65,6 +64,7 @@ if (! $sortorder) $sortorder="DESC";
 
 
 $arrayfields=array(
+    'type'=>array('label'=>"Type", 'checked'=>1),
     'date'=>array('label'=>"Date", 'checked'=>1),
     //...
 );
@@ -74,8 +74,9 @@ if (empty($conf->comptabilite->enabled) && empty($conf->accounting->enabled)) {
     accessforbidden();
 }
 if ($user->societe_id > 0)
+{
     accessforbidden();
-
+}
 
 
 /*
@@ -90,157 +91,211 @@ $entity = GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity;
 
 $filesarray=array();
 $result=false;
-if(($action=="searchfiles"||$action=="dl" ) && $date_start && $date_stop){
-    $wheretail=" '".$db->idate($date_start)."' AND '".$db->idate($date_stop)."'";
-    $sql="SELECT rowid as id, facnumber as ref,paye as paid, total_ttc, fk_soc, datef as date, 'Invoice' as item FROM ".MAIN_DB_PREFIX."facture";
-    $sql.=" WHERE datef between ".$wheretail;
-    $sql.=" AND entity IN (".($entity==1?'0,1':$entity).')';
-    $sql.=" AND fk_statut <> ".Facture::STATUS_DRAFT;
-    $sql.=" UNION ALL";
-    $sql.=" SELECT rowid as id, ref, paye as paid, total_ttc, fk_soc, datef as date, 'SupplierInvoice' as item FROM ".MAIN_DB_PREFIX."facture_fourn";
-    $sql.=" WHERE datef between ".$wheretail;
-    $sql.=" AND entity IN (".($entity==1?'0,1':$entity).')';
-    $sql.=" AND fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
-    $sql.=" UNION ALL";
-    $sql.=" SELECT rowid as id, ref, paid, total_ttc, fk_user_author as fk_soc, date_fin as date,'ExpenseReport' as item FROM ".MAIN_DB_PREFIX."expensereport";
-    $sql.=" WHERE date_fin between  ".$wheretail;
-    $sql.=" AND entity IN (".($entity==1?'0,1':$entity).')';
-    $sql.=" AND fk_statut <> ".ExpenseReport::STATUS_DRAFT;
-    $sql.=" UNION ALL";
-    $sql.=" SELECT rowid as id, ref,paid,amount as total_ttc, '0' as fk_soc, datedon as date,'Donation' as item FROM ".MAIN_DB_PREFIX."don";
-    $sql.=" WHERE datedon between ".$wheretail;
-    $sql.=" AND entity IN (".($entity==1?'0,1':$entity).')';
-    $sql.=" AND fk_statut <> ".Don::STATUS_DRAFT;
-    $sql.=" UNION ALL";
-    $sql.=" SELECT rowid as id, label as ref, 1 as paid, amount as total_ttc, fk_user as fk_soc,datep as date,'SalaryPayment' as item FROM ".MAIN_DB_PREFIX."payment_salary";
-    $sql.=" WHERE datep between ".$wheretail;
-    $sql.=" AND entity IN (".($entity==1?'0,1':$entity).')';
-    //$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
-    $sql.=" UNION ALL";
-    $sql.=" SELECT rowid as id, libelle as ref, paye as paid, amount as total_ttc, 0 as fk_soc, date_creation as date, 'SocialContributions' as item FROM ".MAIN_DB_PREFIX."chargesociales";
-    $sql.=" WHERE date_creation between ".$wheretail;
-    $sql.=" AND entity IN (".($entity==1?'0,1':$entity).')';
-    //$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
-    $sql.= $db->order($sortfield, $sortorder);
+if (($action=="searchfiles" || $action=="dl" )) {
 
-    $resd = $db->query($sql);
-    $files=array();
-    $link='';
-
-    if ($resd)
+    if (empty($date_start))
     {
-        $numd = $db->num_rows($resd);
+        setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateStart")), null, 'errors');
+        $error++;
+    }
+    if (empty($date_stop))
+    {
+        setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateEnd")), null, 'errors');
+        $error++;
+    }
 
-        $tmpinvoice=new Facture($db);
-        $tmpinvoicesupplier=new FactureFournisseur($db);
-        $tmpdonation=new Don($db);
+    if (! $error)
+    {
+        $wheretail=" '".$db->idate($date_start)."' AND '".$db->idate($date_stop)."'";
 
-        $upload_dir ='';
-        $i=0;
-        while ($i < $numd)
+        $sql="SELECT t.rowid as id, t.facnumber as ref, t.paye as paid, total as total_ht, total_ttc, tva as total_vat, fk_soc, t.datef as date, 'Invoice' as item, s.nom as thirdparty_name, s.code_client as thirdparty_code, c.code as country_code, s.tva_intra as vatnum";
+        $sql.=" FROM ".MAIN_DB_PREFIX."facture as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
+        $sql.=" WHERE datef between ".$wheretail;
+        $sql.=" AND t.entity IN (".($entity==1?'0,1':$entity).')';
+        $sql.=" AND t.fk_statut <> ".Facture::STATUS_DRAFT;
+        $sql.=" UNION ALL";
+        $sql.=" SELECT t.rowid as id, t.ref, paye as paid, total_ht, total_ttc, total_tva as total_vat, fk_soc, datef as date, 'SupplierInvoice' as item, s.nom as thirdparty_name, s.code_fournisseur as thirdparty_code, c.code as country_code, s.tva_intra as vatnum";
+        $sql.=" FROM ".MAIN_DB_PREFIX."facture_fourn as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
+        $sql.=" WHERE datef between ".$wheretail;
+        $sql.=" AND t.entity IN (".($entity==1?'0,1':$entity).')';
+        $sql.=" AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
+        $sql.=" UNION ALL";
+        $sql.=" SELECT t.rowid as id, t.ref, paid, total_ht, total_ttc, total_tva as total_vat, fk_user_author as fk_soc, date_fin as date, 'ExpenseReport' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
+        $sql.=" FROM ".MAIN_DB_PREFIX."expensereport as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user_author LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
+        $sql.=" WHERE date_fin between  ".$wheretail;
+        $sql.=" AND t.entity IN (".($entity==1?'0,1':$entity).')';
+        $sql.=" AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT;
+        $sql.=" UNION ALL";
+        $sql.=" SELECT t.rowid as id, t.ref, paid, amount as total_ht, amount as total_ttc, 0 as total_vat, 0 as fk_soc, datedon as date, 'Donation' as item, t.societe as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
+        $sql.=" FROM ".MAIN_DB_PREFIX."don as t LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = t.fk_country";
+        $sql.=" WHERE datedon between ".$wheretail;
+        $sql.=" AND t.entity IN (".($entity==1?'0,1':$entity).')';
+        $sql.=" AND t.fk_statut <> ".Don::STATUS_DRAFT;
+        $sql.=" UNION ALL";
+        $sql.=" SELECT t.rowid as id, t.label as ref, 1 as paid, amount as total_ht, amount as total_ttc, 0 as total_vat, t.fk_user as fk_soc, datep as date, 'SalaryPayment' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname)  as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
+        $sql.=" FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
+        $sql.=" WHERE datep between ".$wheretail;
+        $sql.=" AND t.entity IN (".($entity==1?'0,1':$entity).')';
+        //$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
+        $sql.=" UNION ALL";
+        $sql.=" SELECT t.rowid as id, t.libelle as ref, paye as paid, amount as total_ht, amount as total_ttc, 0 as total_tva, 0 as fk_soc, date_creation as date, 'SocialContributions' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum";
+        $sql.=" FROM ".MAIN_DB_PREFIX."chargesociales as t";
+        $sql.=" WHERE date_creation between ".$wheretail;
+        $sql.=" AND t.entity IN (".($entity==1?'0,1':$entity).')';
+        //$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
+        $sql.= $db->order($sortfield, $sortorder);
+        //print $sql;
+
+        $resd = $db->query($sql);
+        $files=array();
+        $link='';
+
+        if ($resd)
         {
-            $objd = $db->fetch_object($resd);
+            $numd = $db->num_rows($resd);
 
-            switch($objd->item)
-            {
-                case "Invoice":
-                    $subdir=dol_sanitizeFileName($objd->ref);
-                    $upload_dir = $conf->facture->dir_output.'/'.$subdir;
-                    $link="document.php?modulepart=facture&file=".str_replace('/', '%2F', $subdir).'%2F';
-                    break;
-                case "SupplierInvoice":
-                    $tmpinvoicesupplier->fetch($objd->id);
-                    $subdir=get_exdir($tmpinvoicesupplier->id, 2, 0, 0, $tmpinvoicesupplier, 'invoice_supplier').'/'.dol_sanitizeFileName($objd->ref);
-                    $upload_dir = $conf->fournisseur->facture->dir_output.'/'.$subdir;
-                    $link="document.php?modulepart=facture_fournisseur&file=".str_replace('/', '%2F', $subdir).'%2F';
-                    break;
-                case "ExpenseReport":
-                    $subdir=dol_sanitizeFileName($objd->ref);
-                    $upload_dir = $conf->expensereport->dir_output.'/'.$subdir;
-                    $link="document.php?modulepart=expensereport&file=".str_replace('/', '%2F', $subdir).'%2F';
-                    break;
-                case "SalaryPayment":
-                    $subdir=dol_sanitizeFileName($objd->id);
-                    $upload_dir = $conf->salaries->dir_output.'/'.$subdir;
-                    $link="document.php?modulepart=salaries&file=".str_replace('/', '%2F', $subdir).'%2F';
-                    break;
-                case "Donation":
-                    $tmpdonation->fetch($objp->id);
-                    $subdir=get_exdir(0, 0, 0, 1, $tmpdonation, 'donation'). '/'. dol_sanitizeFileName($objd->id);
-                    $upload_dir = $conf->don->dir_output . '/' . $subdir;
-                    $link="document.php?modulepart=don&file=".str_replace('/', '%2F', $subdir).'%2F';
-                    break;
-                case "SocialContributions":
-                    $subdir=dol_sanitizeFileName($objd->id);
-                    $upload_dir = $conf->tax->dir_output . '/' . $subdir;
-                    $link="document.php?modulepart=tax&file=".str_replace('/', '%2F', $subdir).'%2F';
-                    break;
-                default:
-                    $subdir='';
-                    $upload_dir='';
-                    $link='';
-                    break;
-            }
+            $tmpinvoice=new Facture($db);
+            $tmpinvoicesupplier=new FactureFournisseur($db);
+            $tmpdonation=new Don($db);
 
-            if (!empty($upload_dir))
+            $upload_dir ='';
+            $i=0;
+            while ($i < $numd)
             {
-                $result=true;
-                $files=dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview\.png)$', '', SORT_ASC, 1);
-                //var_dump($upload_dir);
-                if (count($files) < 1)
+                $objd = $db->fetch_object($resd);
+
+                switch($objd->item)
                 {
-                    $nofile['date']=$db->idate($objd->date);
-                    $nofile['paid']=$objd->paid;
-                    $nofile['amount']=$objd->total_ttc;
-                    $nofile['ref']=$objd->ref;
-                    $nofile['fk']=$objd->fk_soc;
-                    $nofile['item']=$objd->item;
-
-                    $filesarray[]=$nofile;
+                    case "Invoice":
+                        $subdir = '';
+                        $subdir.=($subdir ? '/' : '').dol_sanitizeFileName($objd->ref);
+                        $upload_dir = $conf->facture->dir_output.'/'.$subdir;
+                        $link="document.php?modulepart=facture&file=".str_replace('/', '%2F', $subdir).'%2F';
+                        break;
+                    case "SupplierInvoice":
+                        $tmpinvoicesupplier->fetch($objd->id);
+                        $subdir = get_exdir($tmpinvoicesupplier->id, 2, 0, 1, $tmpinvoicesupplier, 'invoice_supplier');		// TODO Use first file
+                        $subdir.=($subdir ? '/' : '').dol_sanitizeFileName($objd->ref);
+                        $upload_dir = $conf->fournisseur->facture->dir_output.'/'.$subdir;
+                        $link="document.php?modulepart=facture_fournisseur&file=".str_replace('/', '%2F', $subdir).'%2F';
+                        break;
+                    case "ExpenseReport":
+                        $subdir = '';
+                        $subdir.=($subdir ? '/' : '').dol_sanitizeFileName($objd->ref);
+                        $upload_dir = $conf->expensereport->dir_output.'/'.$subdir;
+                        $link="document.php?modulepart=expensereport&file=".str_replace('/', '%2F', $subdir).'%2F';
+                        break;
+                    case "SalaryPayment":
+                        $subdir = '';
+                        $subdir.=($subdir ? '/' : '').dol_sanitizeFileName($objd->id);
+                        $upload_dir = $conf->salaries->dir_output.'/'.$subdir;
+                        $link="document.php?modulepart=salaries&file=".str_replace('/', '%2F', $subdir).'%2F';
+                        break;
+                    case "Donation":
+                        $tmpdonation->fetch($objp->id);
+                        $subdir=get_exdir(0, 0, 0, 0, $tmpdonation, 'donation');
+                        $subdir.=($subdir ? '/' : '').dol_sanitizeFileName($objd->id);
+                        $upload_dir = $conf->don->dir_output . '/' . $subdir;
+                        $link="document.php?modulepart=don&file=".str_replace('/', '%2F', $subdir).'%2F';
+                        break;
+                    case "SocialContributions":
+                        $subdir = '';
+                        $subdir.=($subdir ? '/' : '').dol_sanitizeFileName($objd->id);
+                        $upload_dir = $conf->tax->dir_output . '/' . $subdir;
+                        $link="document.php?modulepart=tax&file=".str_replace('/', '%2F', $subdir).'%2F';
+                        break;
+                    default:
+                        $subdir='';
+                        $upload_dir='';
+                        $link='';
+                        break;
                 }
-                else
-                {
-                    foreach ($files as $key => $file)
-                    {
-                        $file['date']=$db->idate($objd->date);
-                        $file['paid']=$objd->paid;
-                        $file['amount']=$objd->total_ttc;
-                        $file['ref']=$objd->ref;
-                        $file['fk']=$objd->fk_soc;
-                        $file['item']=$objd->item;
-                        $file['link']=$link.$file['name'];
-                        $file['relpathnamelang'] = $langs->trans($file['item']).'/'.$file['name'];
 
-                        $filesarray[]=$file;
+                if (!empty($upload_dir))
+                {
+                    $result=true;
+                    $files=dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview\.png)$', '', SORT_ASC, 1);
+                    //var_dump($upload_dir);
+                    if (count($files) < 1)
+                    {
+                        $nofile['id']=$objd->id;
+                        $nofile['date']=$db->idate($objd->date);
+                        $nofile['paid']=$objd->paid;
+                        $nofile['amount_ht']=$objd->total_ht;
+                        $nofile['amount_ttc']=$objd->total_ttc;
+                        $nofile['amount_vat']=$objd->total_vat;
+                        $nofile['ref']=($objd->ref ? $objd->ref : $objd->id);
+                        $nofile['fk']=$objd->fk_soc;
+                        $nofile['item']=$objd->item;
+                        $nofile['thirdparty_name']=$objd->thirdparty_name;
+                        $nofile['thirdparty_code']=$objd->thirdparty_code;
+                        $nofile['country_code']=$objd->country_code;
+                        $nofile['vatnum']=$objd->vatnum;
+
+                        $filesarray[]=$nofile;
+                    }
+                    else
+                    {
+                        foreach ($files as $key => $file)
+                        {
+                            $file['id']=$objd->id;
+                            $file['date']=$db->idate($objd->date);
+                            $file['paid']=$objd->paid;
+                            $file['amount_ht']=$objd->total_ht;
+                            $file['amount_ttc']=$objd->total_ttc;
+                            $file['amount_vat']=$objd->total_vat;
+                            $file['ref']=($objd->ref ? $objd->ref : $objd->id);
+                            $file['fk']=$objd->fk_soc;
+                            $file['item']=$objd->item;
+
+                            $file['thirdparty_name']=$objd->thirdparty_name;
+                            $file['thirdparty_code']=$objd->thirdparty_code;
+                            $file['country_code']=$objd->country_code;
+                            $file['vatnum']=$objd->vatnum;
+
+                            $file['link']=$link.$file['name'];
+                            $file['relpathnamelang'] = $langs->trans($file['item']).'/'.$file['name'];
+
+                            $filesarray[]=$file;
+                        }
                     }
                 }
+                $i++;
             }
-            $i++;
         }
-    }
-    else
-    {
-        dol_print_error($db);
-    }
+        else
+        {
+            dol_print_error($db);
+        }
 
-    $db->free($resd);
+        $db->free($resd);
+    }
 }
 
-/*
- * cleanup of old ZIP
- */
-//FIXME
+
 /*
  *ZIP creation
  */
 
-if ($result && $action == "dl")
+$dirfortmpfile = ($conf->accounting->dir_temp ? $conf->accounting->dir_temp : $conf->comptabilite->dir_temp);
+if (empty($dirfortmpfile))
 {
-    $dirfortmpfile = ($conf->accounting->dir_temp ? $conf->accounting->dir_temp : $conf->compta->dir_temp);
+    setEventMessages($langs->trans("ErrorNoAccountingModuleEnabled"), null, 'errors');
+    $error++;
+}
+
+
+if ($result && $action == "dl" && ! $error)
+{
+    if (! extension_loaded('zip'))
+    {
+        setEventMessages('PHPZIPExtentionNotLoaded', null, 'errors');
+        exit;
+    }
 
     dol_mkdir($dirfortmpfile);
 
-    $log='date,type,ref,total,paid,filename,item_id'."\n";
+    $log=$langs->transnoentitiesnoconv("Type").','.$langs->transnoentitiesnoconv("Date").','.$langs->transnoentitiesnoconv("Ref").','.$langs->transnoentitiesnoconv("TotalHT").','.$langs->transnoentitiesnoconv("TotalTTC").','.$langs->transnoentitiesnoconv("TotalVAT").','.$langs->transnoentitiesnoconv("Paid").',filename,item_id,'.$langs->transnoentitiesnoconv("ThirdParty").','.$langs->transnoentitiesnoconv("Code").','.$langs->transnoentitiesnoconv("Country").','.$langs->transnoentitiesnoconv("VATIntra")."\n";
     $zipname = $dirfortmpfile.'/'.dol_print_date($date_start, 'dayrfc')."-".dol_print_date($date_stop, 'dayrfc').'_export.zip';
 
     dol_delete_file($zipname);
@@ -249,10 +304,10 @@ if ($result && $action == "dl")
     $res = $zip->open($zipname, ZipArchive::OVERWRITE|ZipArchive::CREATE);
     if ($res)
     {
-        foreach ($filesarray as $key=> $file)
+        foreach ($filesarray as $key => $file)
         {
             if (file_exists($file["fullname"])) $zip->addFile($file["fullname"], $file["relpathnamelang"]); //
-            $log.=dol_print_date($file['date'], 'dayrfc').','.$file['item'].','.$file['ref'].','.$file['amount'].','.$file['paid'].','.$file["name"].','.$file['fk']."\n";
+            $log.=$file['item'].','.dol_print_date($file['date'], 'dayrfc').','.$file['ref'].','.$file['amount_ht'].','.$file['amount_ttc'].','.$file['amount_vat'].','.$file['paid'].','.$file["name"].','.$file['fk'].','.$file['thirdparty_name'].','.$file['thirdparty_code'].','.$file['country_code'].',"'.$file['vatnum'].'"'."\n";
         }
         $zip->addFromString('transactions.csv', $log);
         $zip->close();
@@ -267,6 +322,10 @@ if ($result && $action == "dl")
 
         exit();
     }
+    else
+    {
+        setEventMessages($langs->trans("FailedToOpenFile", $zipname), null, 'errors');
+    }
 }
 
 
@@ -283,7 +342,7 @@ llxHeader('', $title, $help_url);
 
 $h=0;
 $head[$h][0] = $_SERVER["PHP_SELF"].$varlink;
-$head[$h][1] = $langs->trans("AccountancyFiles");
+$head[$h][1] = $langs->trans("AccountantFiles");
 $head[$h][2] = 'AccountancyFiles';
 
 dol_fiche_head($head, 'AccountancyFiles');
@@ -293,45 +352,20 @@ print '<form name="searchfiles" action="?action=searchfiles'.$tail.'" method="PO
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 print $langs->trans("ReportPeriod").': '.$form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0);
 print ' - '.$form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0)."\n</a>";
-// Multicompany
-/*if (! empty($conf->multicompany->enabled) && is_object($mc))
- {
- print '<br>';
- // This is now done with hook formObjectOptions. Keep this code for backward compatibility with old multicompany module
- if (method_exists($mc, 'formObjectOptions'))
- {
- if (empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) && $conf->entity == 1 && $user->admin && ! $user->entity)	// condition must be same for create and edit mode
- {
- print "<tr>".'<td>'.$langs->trans("Entity").'</td>';
- print "<td>".$mc->select_entities($entity);
- print "</td></tr>\n";
- }
- else
- {
- print '<input type="hidden" name="entity" value="'.$conf->entity.'" />';
- }
- }
 
- $object = new stdClass();
- // Other attributes
- $parameters=array('objectsrc' => null, 'colspan' => ' colspan="3"');
- $reshook=$hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action);    // Note that $action and $object may have been modified by hook
- print $hookmanager->resPrint;
- if (empty($reshook))
- {
- print $object->showOptionals($extrafields, 'edit');
- }
- }*/
+// Export is for current company only !
 if (! empty($conf->multicompany->enabled) && is_object($mc))
 {
-    print ' &nbsp; - &nbsp; '.$langs->trans("Entity").' : ';
+    print '<span class="marginleftonly marginrightonly">('.$langs->trans("Entity").' : ';
     $mc->dao->getEntities();
     $mc->dao->fetch($conf->entity);
     print $mc->dao->label;
-    print "<br>\n";
+    print ")</span>\n";
 }
 
-print '<input class="button" type="submit" value="'.$langs->trans("Refresh").'" /></form>'."\n";
+print '<input class="button" type="submit" name="search" value="'.$langs->trans("Search").'">';
+
+print '</form>'."\n";
 
 dol_fiche_end();
 
@@ -369,14 +403,18 @@ if (!empty($date_start) && !empty($date_stop))
     print '<div class="div-table-responsive">';		// You can use div-table-responsive-no-min if you dont need reserved height for your table
     print '<table class="noborder" width="100%">';
     print '<tr class="liste_titre">';
-    print_liste_field_titre($arrayfields['date']['label'], $_SERVER["PHP_SELF"], "date", "", $param, 'align="center" class="nowrap"', $sortfield, $sortorder);
-    print '<td>'.$langs->trans("Type").'</td>';
+    print_liste_field_titre($arrayfields['type']['label'], $_SERVER["PHP_SELF"], "type", "", $param, '', $sortfield, $sortorder, 'nowrap ');
+    print_liste_field_titre($arrayfields['date']['label'], $_SERVER["PHP_SELF"], "date", "", $param, '', $sortfield, $sortorder, 'center nowrap ');
     print '<td>'.$langs->trans("Ref").'</td>';
-    print '<td>'.$langs->trans("Link").'</td>';
+    print '<td>'.$langs->trans("Document").'</td>';
     print '<td>'.$langs->trans("Paid").'</td>';
-    print '<td align="right">'.$langs->trans("Debit").'</td>';
-    print '<td align="right">'.$langs->trans("Credit").'</td>';
-    print '<td align="right">'.$langs->trans("Balance").'</td>';
+    print '<td align="right">'.$langs->trans("TotalHT").'</td>';
+    print '<td align="right">'.$langs->trans("TotalTTC").'</td>';
+    print '<td align="right">'.$langs->trans("TotalVAT").'</td>';
+    print '<td>'.$langs->trans("ThirdParty").'</td>';
+    print '<td class="center">'.$langs->trans("Code").'</td>';
+    print '<td class="center">'.$langs->trans("Country").'</td>';
+    print '<td class="center">'.$langs->trans("VATIntra").'</td>';
     print '</tr>';
     if ($result)
     {
@@ -390,20 +428,11 @@ if (!empty($date_start) && !empty($date_stop))
         {
             // Sort array by date ASC to calculate balance
 
+            $totalET = 0;
+            $totalIT = 0;
+            $totalVAT = 0;
             $totalDebit = 0;
             $totalCredit = 0;
-            // Balance calculation
-            $balance = 0;
-            foreach($TData as &$data1) {
-                if ($data1['item']!='Invoice'&& $data1['item']!='Donation' ){
-                    $data1['amount']=-$data1['amount'];
-                }
-                if ($data1['amount']>0){
-                }else{
-                }
-                $balance += $data1['amount'];
-                $data1['balance'] = $balance;
-            }
 
             // Display array
             foreach($TData as $data)
@@ -412,30 +441,79 @@ if (!empty($date_start) && !empty($date_stop))
                 //if (!empty($data['fk_facture'])) $html_class = 'facid-'.$data['fk_facture'];
                 //elseif (!empty($data['fk_paiement'])) $html_class = 'payid-'.$data['fk_paiement'];
                 print '<tr class="oddeven '.$html_class.'">';
-                print "<td align=\"center\">";
+
+                // Type
+                print '<td>'.$langs->trans($data['item']).'</td>';
+
+                // Date
+                print '<td class="center">';
                 print dol_print_date($data['date'], 'day');
                 print "</td>\n";
-                print '<td aling="left">'.$langs->trans($data['item']).'</td>';
+
+                // Ref
                 print '<td aling="left">'.$data['ref'].'</td>';
 
                 // File link
-                print '<td><a href='.DOL_URL_ROOT.'/'.$data['link'].">".$data['name']."</a></td>\n";
+                print '<td>';
+                if ($data['link'])
+                {
+                    print '<a href='.DOL_URL_ROOT.'/'.$data['link'].' target="_blank">'.($data['name'] ? $data['name'] : $data['ref']).'</a>';
+                }
+                print "</td>\n";
 
+                // Paid
                 print '<td aling="left">'.$data['paid'].'</td>';
-                print '<td align="right">'.(($data['amount'] > 0) ? price(abs($data['amount'])) : '')."</td>\n";
-                $totalDebit += ($data['amount'] > 0) ? abs($data['amount']) : 0;
-                print '<td align="right">'.(($data['amount'] > 0) ? '' : price(abs($data['amount'])))."</td>\n";
-                $totalCredit += ($data['amount'] > 0) ? 0 : abs($data['amount']);
+
+                // Total ET
+                print '<td align="right">'.price($data['amount_ht'])."</td>\n";
+                // Total IT
+                print '<td align="right">'.price($data['amount_ttc'])."</td>\n";
+                // Total VAT
+                print '<td align="right">'.price($data['amount_vat'])."</td>\n";
+
+                print '<td>'.$data['thirdparty_name']."</td>\n";
+
+                print '<td class="center">'.$data['thirdparty_code']."</td>\n";
+
+                print '<td class="center">'.$data['country_code']."</td>\n";
+
+                print '<td align="right">'.$data['vatnum']."</td>\n";
+
+                // Debit
+                //print '<td align="right">'.(($data['amount_ttc'] > 0) ? price(abs($data['amount_ttc'])) : '')."</td>\n";
+                // Credit
+                //print '<td align="right">'.(($data['amount_ttc'] > 0) ? '' : price(abs($data['amount_ttc'])))."</td>\n";
+
+                $totalET += $data['amount_ht'];
+                $totalIT += $data['amount_ttc'];
+                $totalVAT += $data['amount_vat'];
+
+                $totalDebit += ($data['amount_ttc'] > 0) ? abs($data['amount_ttc']) : 0;
+                $totalCredit += ($data['amount_ttc'] > 0) ? 0 : abs($data['amount_ttc']);
+
                 // Balance
-                print '<td align="right">'.price($data['balance'])."</td>\n";
+                //print '<td align="right">'.price($data['balance'])."</td>\n";
+
                 print "</tr>\n";
             }
 
             print '<tr class="liste_total">';
-            print '<td colspan="5">&nbsp;</td>';
-            print '<td align="right">'.price($totalDebit).'</td>';
-            print '<td align="right">'.price($totalCredit).'</td>';
-            print '<td align="right">'.price(price2num($totalDebit - $totalCredit, 'MT')).'</td>';
+            print '<td></td>';
+            print '<td></td>';
+            print '<td></td>';
+            print '<td></td>';
+            print '<td></td>';
+            print '<td align="right">'.price($totalET).'</td>';
+            print '<td align="right">'.price($totalIT).'</td>';
+            print '<td align="right">'.price($totalVAT).'</td>';
+            print '<td></td>';
+            print '<td></td>';
+            print '<td></td>';
+            print '<td></td>';
+            /*print '<td align="right">'.price($totalDebit).'</td>';
+             print '<td align="right">'.price($totalCredit).'</td>';
+             print '<td align="right">'.price(price2num($totalDebit - $totalCredit, 'MT')).'</td>';
+             */
             print "</tr>\n";
         }
     }

htdocs/compta/facture/card.php

@@ -181,7 +181,8 @@ if (empty($reshook))
 	// Change status of invoice
 	else if ($action == 'reopen' && $usercancreate) {
 		$result = $object->fetch($id);
-		if ($object->statut == 2 || ($object->statut == 3 && $object->close_code != 'replaced') || ($object->statut == 1 && $object->paye == 1)) {    // ($object->statut == 1 && $object->paye == 1) should not happened but can be found when data are corrupted
+
+		if ($object->statut == Facture::STATUS_CLOSED || ($object->statut == Facture::STATUS_ABANDONED && ($object->close_code != 'replaced' || $object->getIdReplacingInvoice() == 0)) || ($object->statut == Facture::STATUS_VALIDATED && $object->paye == 1)) {    // ($object->statut == 1 && $object->paye == 1) should not happened but can be found when data are corrupted
 			$result = $object->set_unpaid($user);
 			if ($result > 0) {
 				header('Location: ' . $_SERVER["PHP_SELF"] . '?facid=' . $id);
@@ -1254,7 +1255,7 @@ if (empty($reshook))
 						if ($_POST['type'] == Facture::TYPE_DEPOSIT)
 						{
 							$typeamount = GETPOST('typedeposit', 'alpha');
-							$valuedeposit = GETPOST('valuedeposit', 'int');
+							$valuedeposit = price2num(GETPOST('valuedeposit', 'alpha'), 'MU');
 
 							$amountdeposit = array();
 							if (!empty($conf->global->MAIN_DEPOSIT_MULTI_TVA))
@@ -1319,7 +1320,7 @@ if (empty($reshook))
 								if (empty($amount)) continue;
 
 								$arraylist = array('amount' => 'FixAmount','variable' => 'VarAmount');
-								$descline = $langs->trans('Deposit');
+								$descline = '(DEPOSIT)';
 								//$descline.= ' - '.$langs->trans($arraylist[$typeamount]);
 								if ($typeamount=='amount') {
 									$descline.= ' ('. price($valuedeposit, '', $langs, 0, - 1, - 1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)).')';
@@ -1382,8 +1383,9 @@ if (empty($reshook))
 								{
 									// Don't add lines with qty 0 when coming from a shipment including all order lines
 									if($srcobject->element == 'shipping' && $conf->global->SHIPMENT_GETS_ALL_ORDER_PRODUCTS && $lines[$i]->qty == 0) continue;
-									// Don't add closed lines when coming from a contract
-									if($srcobject->element == 'contrat' && $lines[$i]->statut == 5) continue;
+									// Don't add closed lines when coming from a contract (Set constant to '0,5' to exclude also inactive lines)
+									if (! isset( $conf->global->CONTRACT_EXCLUDE_SERVICES_STATUS_FOR_INVOICE)) $conf->global->CONTRACT_EXCLUDE_SERVICES_STATUS_FOR_INVOICE = '5';
+									if ($srcobject->element == 'contrat' && in_array($lines[$i]->statut, explode(',', $conf->global->CONTRACT_EXCLUDE_SERVICES_STATUS_FOR_INVOICE))) continue;
 
 									$label=(! empty($lines[$i]->label)?$lines[$i]->label:'');
 									$desc=(! empty($lines[$i]->desc)?$lines[$i]->desc:$lines[$i]->libelle);
@@ -3007,21 +3009,24 @@ if ($action == 'create')
 	}
 	else
 	{
-	    print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
-	    $tmp='<input type="radio" name="type" id="radio_situation" value="0" disabled> ';
-	    $text = '<label>'.$tmp.$langs->trans("InvoiceFirstSituationAsk") . '</label> ';
-	    $text.= '('.$langs->trans("YouMustCreateInvoiceFromThird").') ';
-	    $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceFirstSituationDesc"), 1, 'help', '', 0, 3);
-	    print $desc;
-	    print '</div></div>';
+	    if (! empty($conf->global->INVOICE_USE_SITUATION))
+	    {
+    	    print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
+    	    $tmp='<input type="radio" name="type" id="radio_situation" value="0" disabled> ';
+    	    $text = '<label>'.$tmp.$langs->trans("InvoiceFirstSituationAsk") . '</label> ';
+    	    $text.= '('.$langs->trans("YouMustCreateInvoiceFromThird").') ';
+    	    $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceFirstSituationDesc"), 1, 'help', '', 0, 3);
+    	    print $desc;
+    	    print '</div></div>';
 
-	    print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
-	    $tmp='<input type="radio" name="type" id="radio_situation" value="0" disabled> ';
-	    $text = '<label>'.$tmp.$langs->trans("InvoiceSituationAsk") . '</label> ';
-	    $text.= '('.$langs->trans("YouMustCreateInvoiceFromThird").') ';
-	    $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceFirstSituationDesc"), 1, 'help', '', 0, 3);
-	    print $desc;
-	    print '</div></div>';
+    	    print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
+    	    $tmp='<input type="radio" name="type" id="radio_situation" value="0" disabled> ';
+    	    $text = '<label>'.$tmp.$langs->trans("InvoiceSituationAsk") . '</label> ';
+    	    $text.= '('.$langs->trans("YouMustCreateInvoiceFromThird").') ';
+    	    $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceFirstSituationDesc"), 1, 'help', '', 0, 3);
+    	    print $desc;
+    	    print '</div></div>';
+	    }
 
 	    print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
 		$tmp='<input type="radio" name="type" id="radio_replacement" value="0" disabled> ';
@@ -3042,7 +3047,7 @@ if ($action == 'create')
 			{
 				print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
 				$tmp='<input type="radio" id="radio_creditnote" name="type" value="2"' . (GETPOST('type') == 2 ? ' checked' : '');
-				if (! $optionsav) $tmp.=' disabled';
+				if (! $optionsav && empty($conf->global->INVOICE_CREDIT_NOTE_STANDALONE)) $tmp.=' disabled';
 				$tmp.= '> ';
 				// Show credit note options only if we checked credit note
 				print '<script type="text/javascript" language="javascript">
@@ -4686,11 +4691,11 @@ else if ($id > 0 || ! empty($ref))
 				&& ($object->statut == 2 || $object->statut == 3 || ($object->statut == 1 && $object->paye == 1))   // Condition ($object->statut == 1 && $object->paye == 1) should not happened but can be found due to corrupted data
 				&& ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $usercancreate) || $usercanreopen))				// A paid invoice (partially or completely)
 			{
-				if (! $objectidnext && $object->close_code != 'replaced') 				// Not replaced by another invoice
+			    if ($object->close_code != 'replaced' || (! $objectidnext)) 				// Not replaced by another invoice or replaced but the replacement invoice has been deleted
 				{
 					print '<div class="inline-block divButAction"><a class="butAction'.($conf->use_javascript_ajax?' reposition':'').'" href="' . $_SERVER['PHP_SELF'] . '?facid=' . $object->id . '&amp;action=reopen">' . $langs->trans('ReOpen') . '</a></div>';
 				} else {
-					print '<div class="inline-block divButAction"><span class="butActionRefused" title="' . $langs->trans("DisabledBecauseReplacedInvoice") . '">' . $langs->trans('ReOpen') . '</span></div>';
+				    print '<div class="inline-block divButAction"><span class="butActionRefused" title="' . $langs->trans("DisabledBecauseReplacedInvoice") . '">' . $langs->trans('ReOpen') . '</span></div>';
 				}
 			}
 

htdocs/compta/facture/class/api_invoices.class.php

@@ -72,10 +72,10 @@ class Invoices extends DolibarrApi
 		}
 
 		// Get payment details
-		$this->invoice->totalpaye = $this->invoice->getSommePaiement();
+		$this->invoice->totalpaid = $this->invoice->getSommePaiement();
 		$this->invoice->totalcreditnotes = $this->invoice->getSumCreditNotesUsed();
 		$this->invoice->totaldeposits = $this->invoice->getSumDepositsUsed();
-		$this->invoice->resteapayer = price2num($this->invoice->total_ttc - $this->invoice->totalpaye - $this->invoice->totalcreditnotes - $this->invoice->totaldeposits, 'MT');
+		$this->invoice->remaintopay = price2num($this->invoice->total_ttc - $this->invoice->totalpaid - $this->invoice->totalcreditnotes - $this->invoice->totaldeposits, 'MT');
 
 		if (! DolibarrApi::_checkAccessToResource('facture',$this->invoice->id)) {
 			throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);

htdocs/compta/facture/class/facture.class.php

@@ -947,7 +947,7 @@ class Facture extends CommonInvoice
 		}
 		elseif ($this->type == self::TYPE_SITUATION && !empty($conf->global->INVOICE_USE_SITUATION))
 		{
-			$this->fetchObjectLinked('', '', $facture->id, 'facture');
+			$this->fetchObjectLinked('', '', $this->id, 'facture');
 
 			foreach ($this->linkedObjectsIds as $typeObject => $Tfk_object)
 			{
@@ -3136,7 +3136,13 @@ class Facture extends CommonInvoice
         // phpcs:enable
 	    global $mysoc,$user;
 
-		include_once DOL_DOCUMENT_ROOT . '/core/lib/price.lib.php';
+	    // Progress should never be changed for discount lines
+	    if (($line->info_bits & 2) == 2)
+	    {
+	    	return;
+	    }
+
+		include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php';
 
 		// Cap percentages to 100
 		if ($percent > 100) $percent = 100;
@@ -3152,7 +3158,6 @@ class Facture extends CommonInvoice
 		$line->multicurrency_total_ttc = $tabprice[18];
 		$line->update($user);
 		$this->update_price(1);
-		$this->db->commit();
 	}
 
 	/**
@@ -3501,7 +3506,7 @@ class Facture extends CommonInvoice
 	 *  @param    	int		$offset			For pagination
 	 *  @param    	string	$sortfield		Sort criteria
 	 *  @param    	string	$sortorder		Sort order
-	 *  @return     int             		-1 if KO, array with result if OK
+	 *  @return     array|int             	-1 if KO, array with result if OK
 	 */
 	function liste_array($shortlist=0, $draft=0, $excluser='', $socid=0, $limit=0, $offset=0, $sortfield='f.datef,f.rowid', $sortorder='DESC')
 	{
@@ -3572,7 +3577,7 @@ class Facture extends CommonInvoice
 	 *	(Status validated or abandonned for a reason 'other') + not payed + no payment at all + not already replaced
 	 *
 	 *	@param		int		$socid		Id thirdparty
-	 *	@return    	array				Array of invoices ('id'=>id, 'ref'=>ref, 'status'=>status, 'paymentornot'=>0/1)
+	 *	@return    	array|int			Array of invoices ('id'=>id, 'ref'=>ref, 'status'=>status, 'paymentornot'=>0/1)
 	 */
 	function list_replacable_invoices($socid=0)
 	{
@@ -4409,13 +4414,13 @@ class FactureLigne extends CommonInvoiceLine
 	// From llx_product
 	/**
 	 * @deprecated
-	 * @see product_ref
+	 * @see $product_ref
 	 */
 	public $ref;				// Product ref (deprecated)
 	public $product_ref;       // Product ref
 	/**
 	 * @deprecated
-	 * @see product_label
+	 * @see $product_label
 	 */
 	public $libelle;      		// Product label (deprecated)
 	public $product_label;     // Product label
@@ -4599,6 +4604,7 @@ class FactureLigne extends CommonInvoiceLine
 			if ($result <= 0)
 			{
 				$this->error='ErrorProductIdDoesNotExists';
+				dol_syslog(get_class($this)."::insert Error ".$this->error, LOG_ERR);
 				return -1;
 			}
 		}
@@ -4629,7 +4635,7 @@ class FactureLigne extends CommonInvoiceLine
 		$sql.= " '".$this->db->escape($this->localtax1_type)."',";
 		$sql.= " '".$this->db->escape($this->localtax2_type)."',";
 		$sql.= ' '.(! empty($this->fk_product)?$this->fk_product:"null").',';
-		$sql.= " ".$this->product_type.",";
+		$sql.= " ".((int) $this->product_type).",";
 		$sql.= " ".price2num($this->remise_percent).",";
 		$sql.= " ".price2num($this->subprice).",";
 		$sql.= ' '.(! empty($this->fk_remise_except)?$this->fk_remise_except:"null").',';

htdocs/compta/facture/fiche-rec.php

@@ -1423,8 +1423,8 @@ else
             include_once DOL_DOCUMENT_ROOT . '/core/modules/facture/modules_facture.php';
             $list = array();
             $models = ModelePDFFactures::liste_modeles($db);
-            foreach ($models as $model) {
-                $list[] = $model . ':' . $model;
+            foreach ($models as $k => $model) {
+                $list[] = str_replace(':', '|', $k) . ':' . $model;
             }
             $select = 'select;'.implode(',', $list);
             print $form->editfieldval($langs->trans("Model"), 'modelpdf', $object->modelpdf, $object, $user->rights->facture->creer, $select);

htdocs/compta/facture/invoicetemplate_list.php

@@ -261,7 +261,7 @@ if ($search_month_date_when > 0)
 	if ($search_year_date_when > 0 && empty($search_day_date_when))
 		$sql.= " AND f.date_when BETWEEN '".$db->idate(dol_get_first_day($search_year_date_when,$search_month_date_when,false))."' AND '".$db->idate(dol_get_last_day($search_year_date_when,$search_month_date_when,false))."'";
 	else if ($search_year_date_when > 0 && ! empty($search_day_date_when))
-		$sql.= " AND f.date_date_when_reglement BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $search_month_date_when, $search_day_date_when, $search_year_date_when))."' AND '".$db->idate(dol_mktime(23, 59, 59, $search_month_date_when, $search_day_date_when, $search_year_date_when))."'";
+		$sql.= " AND f.date_when BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $search_month_date_when, $search_day_date_when, $search_year_date_when))."' AND '".$db->idate(dol_mktime(23, 59, 59, $search_month_date_when, $search_day_date_when, $search_year_date_when))."'";
 	else
 		$sql.= " AND date_format(f.date_when, '%m') = '".$db->escape($search_month_date_when)."'";
 }

htdocs/compta/facture/list.php

@@ -370,9 +370,8 @@ $sql.= " p.rowid as project_id, p.ref as project_ref, p.title as project_label";
 // TODO Better solution to be able to sort on already payed or remain to pay is to store amount_payed in a denormalized field.
 if (! $sall) $sql.= ', SUM(pf.amount) as dynamount_payed';
 if ($search_categ_cus) $sql .= ", cc.fk_categorie, cc.fk_soc";
-
 // Add fields from extrafields
-foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
+foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
 // Add fields from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters);    // Note that $action and $object may have been modified by hook
@@ -1022,7 +1021,7 @@ if ($resql)
 			// Project
 			if (! empty($arrayfields['p.ref']['checked']))
 			{
-				print '<td class="nowrap">';
+				print '<td class="nocellnopadd nowrap">';
 				if ($obj->project_id > 0)
 				{
 					$projectstatic->id=$obj->project_id;

htdocs/compta/facture/prelevement.php

@@ -61,42 +61,52 @@ if ($id > 0 || ! empty($ref))
 	}
 }
 
+$hookmanager->initHooks(array('directdebitcard','globalcard'));
+
+
 
 /*
  * Actions
  */
 
-if ($action == "new")
+$parameters = array('socid' => $socid);
+$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
+
+if (empty($reshook))
 {
-    if ($object->id > 0)
+    if ($action == "new")
     {
-    	$db->begin();
-
-        $result = $object->demande_prelevement($user, GETPOST('withdraw_request_amount'));
-        if ($result > 0)
+        if ($object->id > 0)
         {
-        	$db->commit();
+            $db->begin();
 
-            setEventMessages($langs->trans("RecordSaved"), null, 'mesgs');
-        }
-        else
-		{
-        	$db->rollback();
-        	setEventMessages($object->error, $object->errors, 'errors');
+            $result = $object->demande_prelevement($user, GETPOST('withdraw_request_amount'));
+            if ($result > 0)
+            {
+                $db->commit();
+
+                setEventMessages($langs->trans("RecordSaved"), null, 'mesgs');
+            }
+            else
+            {
+                $db->rollback();
+                setEventMessages($object->error, $object->errors, 'errors');
+            }
         }
+        $action='';
     }
-    $action='';
-}
 
-if ($action == "delete")
-{
-    if ($object->id > 0)
+    if ($action == "delete")
     {
-        $result = $object->demande_prelevement_delete($user, GETPOST('did'));
-        if ($result == 0)
+        if ($object->id > 0)
         {
-            header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
-            exit;
+            $result = $object->demande_prelevement_delete($user, GETPOST('did'));
+            if ($result == 0)
+            {
+                header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
+                exit;
+            }
         }
     }
 }

htdocs/compta/paiement.php

@@ -531,7 +531,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
         $sql = 'SELECT f.rowid as facid, f.facnumber, f.total_ttc, f.multicurrency_code, f.multicurrency_total_ttc, f.type,';
         $sql.= ' f.datef as df, f.fk_soc as socid, f.date_lim_reglement as dlr';
         $sql.= ' FROM '.MAIN_DB_PREFIX.'facture as f';
-		$sql.= ' WHERE f.entity IN ('.getEntity('facture', $conf->entity).')';
+		$sql.= ' WHERE f.entity IN ('.getEntity('facture').')';
         $sql.= ' AND (f.fk_soc = '.$facture->socid;
 		// Can pay invoices of all child of parent company
 		if(!empty($conf->global->FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS) && !empty($facture->thirdparty->parent)) {
@@ -593,6 +593,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
                 print '<td align="right">'.$alreadypayedlabel.'</td>';
                 print '<td align="right">'.$remaindertopay.'</td>';
                 print '<td align="right">'.$langs->trans('PaymentAmount').'</td>';
+
+                $parameters=array();
+                $reshook=$hookmanager->executeHooks('printFieldListTitle', $parameters, $facture, $action); // Note that $action and $object may have been modified by hook
+
                 print '<td align="right">&nbsp;</td>';
                 print "</tr>\n";
 
@@ -736,6 +740,9 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
                     }
                     print "</td>";
 
+                    $parameters=array();
+                    $reshook=$hookmanager->executeHooks('printFieldListValue', $parameters, $objp, $action); // Note that $action and $object may have been modified by hook
+
                     // Warning
                     print '<td align="center" width="16">';
                     //print "xx".$amounts[$invoice->id]."-".$amountsresttopay[$invoice->id]."<br>";
@@ -746,9 +753,6 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
                     }
                     print '</td>';
 
-					$parameters=array();
-					$reshook=$hookmanager->executeHooks('printObjectLine',$parameters,$objp,$action); // Note that $action and $object may have been modified by hook
-
                     print "</tr>\n";
 
                     $total+=$objp->total;
@@ -840,7 +844,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
  */
 if (! GETPOST('action','aZ09'))
 {
-    if ($page == -1) $page = 0 ;
+    if (empty($page) || $page == -1) $page = 0 ;
     $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
     $offset = $limit * $page ;
 
@@ -886,11 +890,11 @@ if (! GETPOST('action','aZ09'))
             print '<td>'.dol_print_date($db->jdate($objp->dp))."</td>\n";
             print '<td>'.$objp->paiement_type.' '.$objp->num_paiement."</td>\n";
             print '<td align="right">'.price($objp->amount).'</td><td>&nbsp;</td>';
-
-			$parameters=array();
-			$reshook=$hookmanager->executeHooks('printObjectLine',$parameters,$objp,$action); // Note that $action and $object may have been modified by hook
-
             print '</tr>';
+
+            $parameters=array();
+            $reshook=$hookmanager->executeHooks('printObjectLine',$parameters,$objp,$action); // Note that $action and $object may have been modified by hook
+
             $i++;
         }
         print '</table>';

htdocs/compta/paiement_charge.php

@@ -71,7 +71,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm=='yes
 		$error++;
         $action = 'create';
 	}
-    if (! empty($conf->banque->enabled) && ! $_POST["accountid"] > 0)
+    if (! empty($conf->banque->enabled) && ! ($_POST["accountid"] > 0))
     {
         setEventMessages($langs->trans("ErrorFieldRequired",$langs->transnoentities("AccountToCredit")), null, 'errors');
         $error++;

htdocs/compta/prelevement/card.php

@@ -63,78 +63,86 @@ $object = new BonPrelevement($db,"");
 // Load object
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be include, not include_once  // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
 
+$hookmanager->initHooks(array('directdebitprevcard','globalcard'));
 
 /*
  * Actions
  */
 
-if ( $action == 'confirm_delete' )
+$parameters = array('socid' => $socid);
+$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
+
+if (empty($reshook))
 {
-	$res=$object->delete($user);
-	if ($res > 0)
-	{
-		header("Location: index.php");
-		exit;
-	}
-}
+    if ( $action == 'confirm_delete' )
+    {
+        $res=$object->delete($user);
+        if ($res > 0)
+        {
+            header("Location: index.php");
+            exit;
+        }
+    }
 
-// Seems to no be used and replaced with $action == 'infocredit
-if ( $action == 'confirm_credite' && GETPOST('confirm','alpha') == 'yes')
-{
-	$res=$object->set_credite();
-	if ($res >= 0)
-	{
-    	header("Location: card.php?id=".$id);
-	    exit;
-	}
-}
+    // Seems to no be used and replaced with $action == 'infocredit
+    if ( $action == 'confirm_credite' && GETPOST('confirm','alpha') == 'yes')
+    {
+        $res=$object->set_credite();
+        if ($res >= 0)
+        {
+            header("Location: card.php?id=".$id);
+            exit;
+        }
+    }
 
-if ($action == 'infotrans' && $user->rights->prelevement->bons->send)
-{
-	require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+    if ($action == 'infotrans' && $user->rights->prelevement->bons->send)
+    {
+        require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
-	$dt = dol_mktime(12,0,0,GETPOST('remonth','int'),GETPOST('reday','int'),GETPOST('reyear','int'));
+        $dt = dol_mktime(12,0,0,GETPOST('remonth','int'),GETPOST('reday','int'),GETPOST('reyear','int'));
 
-	/*
-	if ($_FILES['userfile']['name'] && basename($_FILES['userfile']['name'],".ps") == $object->ref)
-	{
-		$dir = $conf->prelevement->dir_output.'/receipts';
+        /*
+        if ($_FILES['userfile']['name'] && basename($_FILES['userfile']['name'],".ps") == $object->ref)
+        {
+            $dir = $conf->prelevement->dir_output.'/receipts';
 
-		if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1) > 0)
-		{
-			$object->set_infotrans($user, $dt, GETPOST('methode','alpha'));
-		}
+            if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1) > 0)
+            {
+                $object->set_infotrans($user, $dt, GETPOST('methode','alpha'));
+            }
 
-		header("Location: card.php?id=".$id);
-        exit;
-	}
-	else
-	{
-		dol_syslog("Fichier invalide",LOG_WARNING);
-		$mesg='BadFile';
-	}*/
+            header("Location: card.php?id=".$id);
+            exit;
+        }
+        else
+        {
+            dol_syslog("Fichier invalide",LOG_WARNING);
+            $mesg='BadFile';
+        }*/
 
-	$error = $object->set_infotrans($user, $dt, GETPOST('methode','alpha'));
+        $error = $object->set_infotrans($user, $dt, GETPOST('methode','alpha'));
 
-	if ($error)
-	{
-		header("Location: card.php?id=".$id."&error=$error");
-		exit;
-	}
-}
+        if ($error)
+        {
+            header("Location: card.php?id=".$id."&error=$error");
+            exit;
+        }
+    }
 
-// Set direct debit order to credited, create payment and close invoices
-if ($action == 'infocredit' && $user->rights->prelevement->bons->credit)
-{
-	$dt = dol_mktime(12,0,0,GETPOST('remonth','int'),GETPOST('reday','int'),GETPOST('reyear','int'));
+    // Set direct debit order to credited, create payment and close invoices
+    if ($action == 'infocredit' && $user->rights->prelevement->bons->credit)
+    {
+        $dt = dol_mktime(12,0,0,GETPOST('remonth','int'),GETPOST('reday','int'),GETPOST('reyear','int'));
 
-	$error = $object->set_infocredit($user, $dt);
+        $error = $object->set_infocredit($user, $dt);
 
-	if ($error)
-	{
-		header("Location: card.php?id=".$id."&error=$error");
-		exit;
-	}
+        if ($error)
+        {
+            header("Location: card.php?id=".$id."&error=$error");
+            exit;
+        }
+    }
 }
 
 

htdocs/compta/prelevement/class/bonprelevement.class.php

@@ -1133,15 +1133,25 @@ class BonPrelevement extends CommonObject
 
 
 	/**
-	 *	Get object and lines from database
+	 *  Get object and lines from database
 	 *
 	 *  @param	User	$user		Object user that delete
-	 *	@return	int					>0 if OK, <0 if KO
+	 *  @param	int	$notrigger	1=Does not execute triggers, 0= execute triggers
+	 *  @return	int			>0 if OK, <0 if KO
 	 */
-	function delete($user=null)
+	function delete($user = null, $notrigger = 0)
 	{
 		$this->db->begin();
 
+		$error = 0;
+		if (! $notrigger)
+		{
+		    // Call trigger
+		    $result=$this->call_trigger('BON_PRELEVEMENT_DELETE', $user);
+		    if ($result < 0) $error++;
+		    // End call triggers
+		}
+
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")";
 		$resql1=$this->db->query($sql);
 		if (! $resql1) dol_print_error($this->db);
@@ -1158,7 +1168,7 @@ class BonPrelevement extends CommonObject
 		$resql4=$this->db->query($sql);
 		if (! $resql4) dol_print_error($this->db);
 
-		if ($resql1 && $resql2 && $resql3)
+		if ($resql1 && $resql2 && $resql3 && !$error)
 		{
 			$this->db->commit();
 			return 1;
@@ -1349,7 +1359,7 @@ class BonPrelevement extends CommonObject
 
 			$sql = "SELECT soc.code_client as code, soc.address, soc.zip, soc.town, c.code as country_code,";
 			$sql.= " pl.client_nom as nom, pl.code_banque as cb, pl.code_guichet as cg, pl.number as cc, pl.amount as somme,";
-			$sql.= " f.facnumber as fac, pf.fk_facture as idfac, rib.datec, rib.iban_prefix as iban, rib.bic as bic, rib.rowid as drum";
+			$sql.= " f.facnumber as fac, pf.fk_facture as idfac, rib.datec, rib.iban_prefix as iban, rib.bic as bic, rib.rowid as drum, rib.rum";
 			$sql.= " FROM";
 			$sql.= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
 			$sql.= " ".MAIN_DB_PREFIX."facture as f,";
@@ -1375,7 +1385,7 @@ class BonPrelevement extends CommonObject
 				while ($i < $num)
 				{
 					$obj = $this->db->fetch_object($resql);
-					$fileDebiteurSection .= $this->EnregDestinataireSEPA($obj->code, $obj->nom, $obj->address, $obj->zip, $obj->town, $obj->country_code, $obj->cb, $obj->cg, $obj->cc, $obj->somme, $obj->fac, $obj->idfac, $obj->iban, $obj->bic, $this->db->jdate($obj->datec), $obj->drum);
+					$fileDebiteurSection .= $this->EnregDestinataireSEPA($obj->code, $obj->nom, $obj->address, $obj->zip, $obj->town, $obj->country_code, $obj->cb, $obj->cg, $obj->cc, $obj->somme, $obj->fac, $obj->idfac, $obj->iban, $obj->bic, $this->db->jdate($obj->datec), $obj->drum, $obj->rum);
 					$this->total = $this->total + $obj->somme;
 					$i++;
 				}
@@ -1586,9 +1596,10 @@ class BonPrelevement extends CommonObject
 	 *	@param	string		$row_bic			rib.bic AS bic,
 	 *	@param	string		$row_datec			rib.datec,
 	 *	@param	string		$row_drum			rib.rowid used to generate rum
+     * 	@param	string		$row_rum			rib.rum Rum defined on company bank account
 	 *	@return	string							Return string with SEPA part DrctDbtTxInf
 	 */
-	function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zip, $row_town, $row_country_code, $row_cb, $row_cg, $row_cc, $row_somme, $row_facnumber, $row_idfac, $row_iban, $row_bic, $row_datec, $row_drum)
+	function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zip, $row_town, $row_country_code, $row_cb, $row_cg, $row_cc, $row_somme, $row_facnumber, $row_idfac, $row_iban, $row_bic, $row_datec, $row_drum, $row_rum)
 	{
         // phpcs:enable
         global $conf;
@@ -1597,7 +1608,7 @@ class BonPrelevement extends CommonObject
 
 		// Define value for RUM
 		// Example:  RUMCustomerCode-CustomerBankAccountId-01424448606	(note: Date is date of creation of CustomerBankAccountId)
-		$Rum = $this->buildRumNumber($row_code_client, $row_datec, $row_drum);
+		$Rum = empty($row_rum) ? $this->buildRumNumber($row_code_client, $row_datec, $row_drum) : $row_rum;
 
 		// Define date of RUM signature
 		$DtOfSgntr = dol_print_date($row_datec, '%Y-%m-%d');

htdocs/compta/prelevement/create.php

@@ -51,43 +51,54 @@ $page = GETPOST("page",'int');
 if (empty($page) || $page == -1) { $page = 0; }     // If $page is not defined, or '' or -1
 $offset = $limit * $page;
 
+$hookmanager->initHooks(array('directdebitcreatecard','globalcard'));
+
+
 /*
  * Actions
  */
 
-// Change customer bank information to withdraw
-if ($action == 'modify')
+$parameters = array('mode' => $mode, 'format' => $format, 'limit' => $limit, 'page' => $page, 'offset' => $offset);
+$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
+
+
+if (empty($reshook))
 {
-	for ($i = 1 ; $i < 9 ; $i++)
-	{
-		dolibarr_set_const($db, GETPOST("nom$i"), GETPOST("value$i"),'chaine',0,'',$conf->entity);
-	}
-}
-if ($action == 'create')
-{
-	// $conf->global->PRELEVEMENT_CODE_BANQUE and $conf->global->PRELEVEMENT_CODE_GUICHET should be empty
-	$bprev = new BonPrelevement($db);
+    // Change customer bank information to withdraw
+    if ($action == 'modify')
+    {
+        for ($i = 1 ; $i < 9 ; $i++)
+        {
+            dolibarr_set_const($db, GETPOST("nom$i"), GETPOST("value$i"),'chaine',0,'',$conf->entity);
+        }
+    }
+    if ($action == 'create')
+    {
+        // $conf->global->PRELEVEMENT_CODE_BANQUE and $conf->global->PRELEVEMENT_CODE_GUICHET should be empty
+        $bprev = new BonPrelevement($db);
         $executiondate = dol_mktime(0, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
 
         $result = $bprev->create($conf->global->PRELEVEMENT_CODE_BANQUE, $conf->global->PRELEVEMENT_CODE_GUICHET, $mode, $format,$executiondate);
-	if ($result < 0)
-	{
-		setEventMessages($bprev->error, $bprev->errors, 'errors');
-	}
-	elseif ($result == 0)
-	{
-		$mesg=$langs->trans("NoInvoiceCouldBeWithdrawed", $format);
-		setEventMessages($mesg, null, 'errors');
-		$mesg.='<br>'."\n";
-		foreach($bprev->invoice_in_error as $key => $val)
-		{
-			$mesg.='<span class="warning">'.$val."</span><br>\n";
-		}
-	}
-	else
-	{
-		setEventMessages($langs->trans("DirectDebitOrderCreated", $bprev->getNomUrl(1)), null);
-	}
+        if ($result < 0)
+        {
+            setEventMessages($bprev->error, $bprev->errors, 'errors');
+        }
+        elseif ($result == 0)
+        {
+            $mesg=$langs->trans("NoInvoiceCouldBeWithdrawed", $format);
+            setEventMessages($mesg, null, 'errors');
+            $mesg.='<br>'."\n";
+            foreach($bprev->invoice_in_error as $key => $val)
+            {
+                $mesg.='<span class="warning">'.$val."</span><br>\n";
+            }
+        }
+        else
+        {
+            setEventMessages($langs->trans("DirectDebitOrderCreated", $bprev->getNomUrl(1)), null);
+        }
+    }
 }
 
 

htdocs/compta/prelevement/factures.php

@@ -156,7 +156,7 @@ $sql.= " AND pl.fk_prelevement_bons = p.rowid";
 $sql.= " AND f.fk_soc = s.rowid";
 $sql.= " AND pf.fk_facture = f.rowid";
 $sql.= " AND f.entity = ".$conf->entity;
-if ($prev_id) $sql.= " AND p.rowid=".$prev_id;
+if ($object->id) $sql.= " AND p.rowid=".$object->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= $db->order($sortfield,$sortorder);
 

htdocs/compta/sociales/card.php

@@ -121,7 +121,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes')
 	$result=$object->delete($user);
 	if ($result > 0)
 	{
-		header("Location: index.php");
+		header("Location: list.php");
 		exit;
 	}
 	else

htdocs/compta/sociales/class/chargesociales.class.php

@@ -319,7 +319,7 @@ class ChargeSociales extends CommonObject
         $sql.= ", date_ech='".$this->db->idate($this->date_ech)."'";
         $sql.= ", periode='".$this->db->idate($this->periode)."'";
         $sql.= ", amount='".price2num($this->amount,'MT')."'";
-		$sql.= ", fk_projet='".$this->db->escape($this->fk_project)."'";
+        $sql.= ", fk_projet=".($this->fk_project>0?$this->db->escape($this->fk_project):"NULL");
         $sql.= ", fk_user_modif=".$user->id;
         $sql.= " WHERE rowid=".$this->id;
 

htdocs/compta/sociales/document.php

@@ -55,7 +55,7 @@ $result = restrictedArea($user, 'tax', $id, 'chargesociales','charges');
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
 $page = GETPOST("page",'int');
-if ($page == -1) {
+if (empty($page) || $page == -1) {
     $page = 0;
 }
 $offset = $conf->liste_limit * $page;

htdocs/compta/sociales/list.php

@@ -168,7 +168,7 @@ if ($resql)
 
 	if ($year)
 	{
-	    $center=($year?"<a href='index.php?year=".($year-1)."'>".img_previous()."</a> ".$langs->trans("Year")." $year <a href='index.php?year=".($year+1)."'>".img_next()."</a>":"");
+	    $center=($year?"<a href='list.php?year=".($year-1)."'>".img_previous()."</a> ".$langs->trans("Year")." $year <a href='list.php?year=".($year+1)."'>".img_next()."</a>":"");
 	    print_barre_liste($langs->trans("SocialContributions"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $center, $num, $totalnboflines, 'title_accountancy.png', 0, $newcardbutton, '', $limit);
 	}
 	else
@@ -258,7 +258,7 @@ if ($resql)
 			print '<td align="center">';
 			if ($obj->periode)
 			{
-				print '<a href="index.php?year='.strftime("%Y",$db->jdate($obj->periode)).'">'.dol_print_date($db->jdate($obj->periode),'day').'</a>';
+				print '<a href="list.php?year='.strftime("%Y",$db->jdate($obj->periode)).'">'.dol_print_date($db->jdate($obj->periode),'day').'</a>';
 			}
 			else
 			{

htdocs/compta/sociales/payments.php

@@ -90,7 +90,7 @@ print '<input type="hidden" name="mode" value="'.$mode.'">';
 
 if ($mode != 'sconly')
 {
-    $center=($year?'<a href="index.php?year='.($year-1).$param.'">'.img_previous($langs->trans("Previous"), 'class="valignbottom"')."</a> ".$langs->trans("Year").' '.$year.' <a href="index.php?year='.($year+1).$param.'">'.img_next($langs->trans("Next"), 'class="valignbottom"')."</a>":"");
+    $center=($year?'<a href="list.php?year='.($year-1).$param.'">'.img_previous($langs->trans("Previous"), 'class="valignbottom"')."</a> ".$langs->trans("Year").' '.$year.' <a href="list.php?year='.($year+1).$param.'">'.img_next($langs->trans("Next"), 'class="valignbottom"')."</a>":"");
     print_barre_liste($title,$page,$_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,$center,$num,$totalnboflines, 'title_accountancy', 0, '', '', $limit, 1);
 }
 else
@@ -181,7 +181,7 @@ if (! empty($conf->tax->enabled) && $user->rights->tax->charges->lire)
 			print $socialcontrib->getNomUrl(1,'20');
 			print '</td>';
 			// Type
-			print '<td><a href="../sociales/index.php?filtre=cs.fk_type:'.$obj->type.'">'.$obj->lib.'</a></td>';
+			print '<td><a href="../sociales/list.php?filtre=cs.fk_type:'.$obj->type.'">'.$obj->lib.'</a></td>';
 			// Date
 			$date=$obj->periode;
 			if (empty($date)) $date=$obj->date_ech;

htdocs/compta/stats/byratecountry.php

@@ -38,7 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/paymentexpensereport.class.
 // Load translation files required by the page
 $langs->loadLangs(array("other","compta","banks","bills","companies","product","trips","admin","accountancy"));
 
-$modecompta = GETPOST('modecompta','alpha');
+$modecompta = (GETPOST('modecompta', 'alpha') ? GETPOST('modecompta', 'alpha') : $conf->global->ACCOUNTING_MODE);
 
 // Date range
 $year=GETPOST("year",'int');

htdocs/compta/stats/cabyprodserv.php

@@ -122,22 +122,24 @@ $year_end = $tmpe['year'];
 $nbofyear = ($year_end - $year_start) + 1;
 
 $commonparams=array();
-$commonparams['modecompta']=$modecompta;
-$commonparams['sortorder'] = $sortorder;
-$commonparams['sortfield'] = $sortfield;
+if(!empty($modecompta)) $commonparams['modecompta']=$modecompta;
+if(!empty($sortorder)) $commonparams['sortorder'] = $sortorder;
+if(!empty($sortfield)) $commonparams['sortfield'] = $sortfield;
 
 $headerparams = array();
-$headerparams['date_startyear'] = $date_startyear;
-$headerparams['date_startmonth'] = $date_startmonth;
-$headerparams['date_startday'] = $date_startday;
-$headerparams['date_endyear'] = $date_endyear;
-$headerparams['date_endmonth'] = $date_endmonth;
-$headerparams['date_endday'] = $date_endday;
+if(!empty($date_startyear)) $headerparams['date_startyear'] = $date_startyear;
+if(!empty($date_startmonth)) $headerparams['date_startmonth'] = $date_startmonth;
+if(!empty($date_startday)) $headerparams['date_startday'] = $date_startday;
+if(!empty($date_endyear)) $headerparams['date_endyear'] = $date_endyear;
+if(!empty($date_endmonth)) $headerparams['date_endmonth'] = $date_endmonth;
+if(!empty($date_endday)) $headerparams['date_endday'] = $date_endday;
+if(!empty($year)) $headerparams['year'] = $year;
+if(!empty($month)) $headerparams['month'] = $month;
 $headerparams['q'] = $q;
 
 $tableparams = array();
-$tableparams['search_categ'] = $selected_cat;
-$tableparams['search_type'] = $selected_type;
+if(!empty($selected_cat)) $tableparams['search_categ'] = $selected_cat;
+if(!empty($selected_type)) $tableparams['search_type'] = $selected_type;
 $tableparams['subcat'] = ($subcat === true)?'yes':'';
 
 // Adding common parameters

htdocs/compta/tva/document.php

@@ -56,9 +56,10 @@ $result = restrictedArea($user, 'tax', $id, 'vat','charges');
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
 $page = GETPOST("page",'int');
-if ($page == -1) {
+if (empty($page) || $page == -1) {
     $page = 0;
 }
+
 $offset = $conf->liste_limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;

htdocs/compta/tva/index.php

@@ -40,6 +40,7 @@ $year=GETPOST("year","int");
 if (empty($year))
 {
 	$year_current = strftime("%Y",dol_now());
+	if($conf->global->SOCIETE_FISCAL_MONTH_START > date('m')) $year_current--;
 	$year_start = $year_current;
 } else {
 	$year_current = $year;

htdocs/contact/card.php

@@ -80,6 +80,14 @@ $result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'ro
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('contactcard','globalcard'));
 
+if ($id > 0) $object->fetch($id);
+
+if (! ($object->id > 0) && $action == 'view')
+{
+	$langs->load("errors");
+	print($langs->trans('ErrorRecordNotFound'));
+	exit;
+}
 
 /*
  *	Actions
@@ -377,21 +385,24 @@ if (empty($reshook))
 			$ret = $extrafields->setOptionalsFromPost($extralabels,$object);
 			if ($ret < 0) $error++;
 
-			$result = $object->update($contactid, $user);
-
-			if ($result > 0) {
-				// Categories association
-				$categories = GETPOST('contcats', 'array');
-				$object->setCategories($categories);
-
-				$object->old_lastname='';
-				$object->old_firstname='';
-				$action = 'view';
-			}
-			else
+			if (! $error)
 			{
-				setEventMessages($object->error, $object->errors, 'errors');
-				$action = 'edit';
+                $result = $object->update($contactid, $user);
+
+    			if ($result > 0) {
+    				// Categories association
+    				$categories = GETPOST('contcats', 'array');
+    				$object->setCategories($categories);
+
+    				$object->old_lastname='';
+    				$object->old_firstname='';
+    				$action = 'view';
+    			}
+    			else
+    			{
+    				setEventMessages($object->error, $object->errors, 'errors');
+    				$action = 'edit';
+    			}
 			}
         }
 
@@ -500,8 +511,8 @@ else
             $linkback='';
             print load_fiche_titre($title,$linkback,'title_companies.png');
 
-            // Affiche les erreurs
-            dol_htmloutput_errors(is_numeric($error)?'':$error,$errors);
+            // Show errors
+            dol_htmloutput_errors(is_numeric($error)?'':$error, $errors);
 
             if ($conf->use_javascript_ajax)
             {
@@ -775,8 +786,8 @@ else
 			$objsoc = new Societe($db);
 			$objsoc->fetch($object->socid);
 
-            // Affiche les erreurs
-            dol_htmloutput_errors($error,$errors);
+			// Show errors
+			dol_htmloutput_errors(is_numeric($error)?'':$error, $errors);
 
             if ($conf->use_javascript_ajax)
             {
@@ -1073,11 +1084,10 @@ else
     {
         $objsoc = new Societe($db);
 
-        /*
-         * Fiche en mode visualisation
-         */
+        // View mode
 
-        dol_htmloutput_errors($error,$errors);
+        // Show errors
+        dol_htmloutput_errors(is_numeric($error)?'':$error, $errors);
 
         dol_fiche_head($head, 'card', $title, -1, 'contact');
 

htdocs/contact/list.php

@@ -365,8 +365,8 @@ else
 $nbtotalofrecords = '';
 if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 {
-	$result = $db->query($sql);
-	$nbtotalofrecords = $db->num_rows($result);
+	$resql = $db->query($sql);
+	$nbtotalofrecords = $db->num_rows($resql);
 	if (($page * $limit) > $nbtotalofrecords)	// if total resultset is smaller then paging size (filtering), goto and load page 0
 	{
 		$page = 0;
@@ -376,18 +376,18 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 
 $sql.= $db->plimit($limit+1, $offset);
 
-$result = $db->query($sql);
-if (! $result)
+$resql = $db->query($sql);
+if (! $resql)
 {
 	dol_print_error($db);
 	exit;
 }
 
-$num = $db->num_rows($result);
+$num = $db->num_rows($resql);
 
 $arrayofselected=is_array($toselect)?$toselect:array();
 
-if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($sall != '' || $seearch_cti != ''))
+if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($sall != '' || $search_cti != ''))
 {
 	$obj = $db->fetch_object($resql);
 	$id = $obj->rowid;
@@ -715,7 +715,7 @@ $i = 0;
 $totalarray=array();
 while ($i < min($num,$limit))
 {
-	$obj = $db->fetch_object($result);
+	$obj = $db->fetch_object($resql);
 
 	print '<tr class="oddeven">';
 
@@ -914,7 +914,7 @@ while ($i < min($num,$limit))
 	$i++;
 }
 
-$db->free($result);
+$db->free($resql);
 
 $parameters=array('arrayfields'=>$arrayfields, 'sql'=>$sql);
 $reshook=$hookmanager->executeHooks('printFieldListFooter',$parameters);    // Note that $action and $object may have been modified by hook

htdocs/contrat/list.php

@@ -3,7 +3,7 @@
  * Copyright (C) 2004-2017 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2013      Cédric Salvador      <csalvador@gpcsolutions.fr>
- * Copyright (C) 2014      Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2014-2019 Juanjo Menent        <jmenent@2byte.es>
  * Copyright (C) 2015	   Claudio Aschieri		<c.aschieri@19.coop>
  * Copyright (C) 2015      Jean-François Ferry	<jfefe@aternatik.fr>
  * Copyright (C) 2016-2018 Ferran Marcet        <fmarcet@2byte.es>
@@ -45,14 +45,14 @@ $confirm=GETPOST('confirm','alpha');
 $toselect = GETPOST('toselect', 'array');
 $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'contractlist';   // To manage different context of search
 
-$search_name=GETPOST('search_name');
-$search_email=GETPOST('search_email');
+$search_name=GETPOST('search_name', 'alpha');
+$search_email=GETPOST('search_email', 'alpha');
 $search_town=GETPOST('search_town','alpha');
 $search_zip=GETPOST('search_zip','alpha');
 $search_state=trim(GETPOST("search_state"));
 $search_country=GETPOST("search_country",'int');
 $search_type_thirdparty=GETPOST("search_type_thirdparty",'int');
-$search_contract=GETPOST('search_contract');
+$search_contract=GETPOST('search_contract','alpha');
 $search_ref_customer=GETPOST('search_ref_customer','alpha');
 $search_ref_supplier=GETPOST('search_ref_supplier','alpha');
 $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml'));
@@ -706,9 +706,7 @@ while ($i < min($num,$limit))
 			$nbofsalesrepresentative=count($listsalesrepresentatives);
 			if ($nbofsalesrepresentative > 3)   // We print only number
 			{
-				print '<a href="'.DOL_URL_ROOT.'/societe/commerciaux.php?socid='.$socstatic->id.'">';
 				print $nbofsalesrepresentative;
-				print '</a>';
 			}
 			else if ($nbofsalesrepresentative > 0)
 			{

htdocs/contrat/services_list.php

@@ -5,6 +5,7 @@
  * Copyright (C) 2015       Jean-François Ferry     <jfefe@aternatik.fr>
  * Copyright (C) 2018       Ferran Marcet           <fmarcet@2byte.es>
  * Copyright (C) 2018       Frédéric France         <frederic.france@netlogic.fr>
+ * Copyright (C) 2019      Juanjo Menent		<jmenent@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -47,9 +48,9 @@ if (! $sortorder) $sortorder="ASC";
 
 $mode = GETPOST("mode");
 $filter=GETPOST("filter");
-$search_name=GETPOST("search_name");
-$search_contract=GETPOST("search_contract");
-$search_service=GETPOST("search_service");
+$search_name=GETPOST("search_name", 'alpha');
+$search_contract=GETPOST("search_contract", 'alpha');
+$search_service=GETPOST("search_service", 'alpha');
 $search_status=GETPOST("search_status","alpha");
 $statut=GETPOST('statut')?GETPOST('statut'):1;
 $search_product_category=GETPOST('search_product_category','int');

htdocs/core/actions_linkedfiles.inc.php

@@ -125,8 +125,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
         {
             require_once DOL_DOCUMENT_ROOT . '/core/class/link.class.php';
             $link = new Link($db);
-            $link->id = $linkid;
-            $link->fetch();
+            $link->fetch($linkid);
             $res = $link->delete($user);
 
             $langs->load('link');
@@ -160,8 +159,7 @@ elseif ($action == 'confirm_updateline' && GETPOST('save','alpha') && GETPOST('l
     require_once DOL_DOCUMENT_ROOT . '/core/class/link.class.php';
     $langs->load('link');
     $link = new Link($db);
-    $link->id = GETPOST('linkid', 'int');
-    $f = $link->fetch();
+    $f = $link->fetch(GETPOST('linkid', 'int'));
     if ($f)
     {
         $link->url = GETPOST('link', 'alpha');
@@ -169,7 +167,7 @@ elseif ($action == 'confirm_updateline' && GETPOST('save','alpha') && GETPOST('l
         {
             $link->url = 'http://' . $link->url;
         }
-        $link->label = GETPOST('label', 'alpha');
+        $link->label = GETPOST('label', 'alphanohtml');
         $res = $link->update($user);
         if (!$res)
         {
@@ -194,7 +192,7 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave','alpha'))
 	        // Security:
 	        // Disallow file with some extensions. We rename them.
 	        // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
-	        if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
+            if (isAFileWithExecutableContent($filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
 	        {
 	            $filenameto.= '.noexe';
 	        }

htdocs/core/actions_sendmails.inc.php

@@ -43,7 +43,7 @@ if (GETPOST('addfile','alpha'))
 	$vardir=$conf->user->dir_output."/".$user->id;
 	$upload_dir_tmp = $vardir.'/temp';             // TODO Add $keytoavoidconflict in upload_dir path
 
-	dol_add_file_process($upload_dir_tmp, 0, 0, 'addedfile', '', null, $trackid, 0);
+	dol_add_file_process($upload_dir_tmp, 1, 0, 'addedfile', '', null, $trackid, 0);
 	$action='presend';
 }
 
@@ -478,7 +478,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 					$mesg='<div class="error">';
 					if ($mailfile->error)
 					{
-						$mesg.=$langs->trans('ErrorFailedToSendMail',$from,$sendto);
+						$mesg.=$langs->transnoentities('ErrorFailedToSendMail',dol_escape_htmltag($from),dol_escape_htmltag($sendto));
 						$mesg.='<br>'.$mailfile->error;
 					}
 					else

htdocs/core/boxes/box_contacts.php

@@ -4,6 +4,7 @@
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2015      Frederic France      <frederic.france@free.fr>
  * Copyright (C) 2018      Josep Lluís Amador   <joseplluis@lliuretic.cat>
+ * Copyright (C) 2020      Ferran Marcet	    <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -90,7 +91,7 @@ class box_contacts extends ModeleBoxes
 			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON sp.fk_soc = s.rowid";
 			if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 			$sql.= " WHERE sp.entity IN (".getEntity('socpeople').")";
-			if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND sp.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+			if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 			if ($user->societe_id) $sql.= " AND sp.fk_soc = ".$user->societe_id;
 			$sql.= " ORDER BY sp.tms DESC";
 			$sql.= $db->plimit($max, 0);

htdocs/core/class/CMailFile.class.php

@@ -123,6 +123,13 @@ class CMailFile
 	{
 		global $conf, $dolibarr_main_data_root;
 
+		// Clean values of $mimefilename_list
+		if (is_array($mimefilename_list)) {
+			foreach($mimefilename_list as $key => $val) {
+				$mimefilename_list[$key] = dol_string_unaccent($mimefilename_list[$key]);
+			}
+		}
+
 		$this->sendcontext = $sendcontext;
 
 		if (empty($replyto)) $replyto=$from;
@@ -522,6 +529,31 @@ class CMailFile
 				return true;
 			}
 
+			$sendingmode = $this->sendmode;
+			if ($this->context == 'emailing' && ! empty($conf->global->MAILING_NO_USING_PHPMAIL) && $sendingmode == 'mail')
+			{
+			    // List of sending methods
+			    $listofmethods=array();
+			    $listofmethods['mail']='PHP mail function';
+			    //$listofmethods['simplemail']='Simplemail class';
+			    $listofmethods['smtps']='SMTP/SMTPS socket library';
+
+			    // EMailing feature may be a spam problem, so when you host several users/instance, having this option may force each user to use their own SMTP agent.
+			    // You ensure that every user is using its own SMTP server when using the mass emailing module.
+			    $linktoadminemailbefore='';
+			    $linktoadminemailend='';
+			    $this->error = $langs->trans("MailSendSetupIs", $listofmethods[$sendingmode]);
+			    $this->errors[] = $langs->trans("MailSendSetupIs", $listofmethods[$sendingmode]);
+			    $this->error .= '<br>'.$langs->trans("MailSendSetupIs2", $linktoadminemailbefore, $linktoadminemailend, $langs->transnoentitiesnoconv("MAIN_MAIL_SENDMODE"), $listofmethods['smtps']);
+			    $this->errors[] = $langs->trans("MailSendSetupIs2", $linktoadminemailbefore, $linktoadminemailend, $langs->transnoentitiesnoconv("MAIN_MAIL_SENDMODE"), $listofmethods['smtps']);
+			    if (! empty($conf->global->MAILING_SMTP_SETUP_EMAILS_FOR_QUESTIONS))
+			    {
+			        $this->error .= '<br>'.$langs->trans("MailSendSetupIs3", $conf->global->MAILING_SMTP_SETUP_EMAILS_FOR_QUESTIONS);
+			        $this->errors[] = $langs->trans("MailSendSetupIs3", $conf->global->MAILING_SMTP_SETUP_EMAILS_FOR_QUESTIONS);
+			    }
+                return false;
+			}
+
 			// Check number of recipient is lower or equal than MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL
 			if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL=10;
 			$tmparray1 = explode(',', $this->addr_to);

htdocs/core/class/commoninvoice.class.php

@@ -195,6 +195,29 @@ abstract class CommonInvoice extends CommonObject
 	    }
 	}
 
+	/**
+	 *    	Return amount (with tax) of all converted amount for this credit note
+	 *
+	 * 		@param 		int 	$multicurrency 	Return multicurrency_amount instead of amount
+	 *		@return		int						<0 if KO, Sum of credit notes and deposits amount otherwise
+	 */
+	function getSumFromThisCreditNotesNotUsed($multicurrency=0)
+	{
+	    require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
+
+	    $discountstatic=new DiscountAbsolute($this->db);
+	    $result=$discountstatic->getSumFromThisCreditNotesNotUsed($this, $multicurrency);
+	    if ($result >= 0)
+	    {
+	        return $result;
+	    }
+	    else
+	    {
+	        $this->error=$discountstatic->error;
+	        return -1;
+	    }
+	}
+
 	/**
 	 *	Renvoie tableau des ids de facture avoir issus de la facture
 	 *

htdocs/core/class/commonobject.class.php

@@ -10,8 +10,8 @@
  * Copyright (C) 2015      Alexandre Spangaro   <aspangaro.dolibarr@gmail.com>
  * Copyright (C) 2016      Bahfir abbes         <dolipar@dolipar.org>
  * Copyright (C) 2017      ATM Consulting       <support@atm-consulting.fr>
- * Copyright (C) 2017      Nicolas ZABOURI      <info@inovea-conseil.com>
- * Copyright (C) 2017      Rui Strecht          <rui.strecht@aliartalentos.com>
+ * Copyright (C) 2017-2019 Nicolas ZABOURI      <info@inovea-conseil.com>
+ * Copyright (C) 2017      Rui Strecht		    <rui.strecht@aliartalentos.com>
  * Copyright (C) 2018      Frédéric France      <frederic.france@netlogic.fr>
  * Copyright (C) 2018      Josep Lluís Amador   <joseplluis@lliuretic.cat>
  *
@@ -53,7 +53,7 @@ abstract class CommonObject
 
 	/**
 	 * @var string 		Error string
-	 * @see             errors
+	 * @see             $errors
 	 */
 	public $error;
 
@@ -509,7 +509,7 @@ abstract class CommonObject
 			$this->country     =$tmparray['label'];
 		}
 
-        if ($withregion && $this->state_id && (empty($this->state_code) || empty($this->state) || empty($this->region) || empty($this->region_cpde)))
+        if ($withregion && $this->state_id && (empty($this->state_code) || empty($this->state) || empty($this->region) || empty($this->region_code)))
     	{
     		require_once DOL_DOCUMENT_ROOT .'/core/lib/company.lib.php';
     		$tmparray=getState($this->state_id,'all',0,1);
@@ -1816,7 +1816,7 @@ abstract class CommonObject
 	 */
 	function setMulticurrencyCode($code)
 	{
-		dol_syslog(get_class($this).'::setMulticurrencyCode('.$id.')');
+		dol_syslog(get_class($this).'::setMulticurrencyCode('.$code.')');
 		if ($this->statut >= 0 || $this->element == 'societe')
 		{
 			$fieldname = 'multicurrency_code';
@@ -1858,7 +1858,7 @@ abstract class CommonObject
 	 */
 	function setMulticurrencyRate($rate, $mode=1)
 	{
-		dol_syslog(get_class($this).'::setMulticurrencyRate('.$id.')');
+		dol_syslog(get_class($this).'::setMulticurrencyRate('.$rate.','.$mode.')');
 		if ($this->statut >= 0 || $this->element == 'societe')
 		{
 			$fieldname = 'multicurrency_tx';
@@ -1876,10 +1876,16 @@ abstract class CommonObject
 				{
 					foreach ($this->lines as &$line)
 					{
+						// Amounts in company currency will be recalculated
 						if($mode == 1) {
 							$line->subprice = 0;
 						}
 
+						// Amounts in foreign currency will be recalculated
+						if($mode == 2) {
+							$line->multicurrency_subprice = 0;
+						}
+
 						switch ($this->element) {
 							case 'propal':
 								$this->updateline(
@@ -2689,7 +2695,7 @@ abstract class CommonObject
 		$MODULE = "";
 		if ($this->element == 'propal')
 			$MODULE = "MODULE_DISALLOW_UPDATE_PRICE_PROPOSAL";
-		elseif ($this->element == 'order')
+		elseif ($this->element == 'commande' || $this->element == 'order')
 			$MODULE = "MODULE_DISALLOW_UPDATE_PRICE_ORDER";
 		elseif ($this->element == 'facture')
 			$MODULE = "MODULE_DISALLOW_UPDATE_PRICE_INVOICE";
@@ -3806,10 +3812,11 @@ abstract class CommonObject
 
 		// Output template part (modules that overwrite templates must declare this into descriptor)
 		// Use global variables + $dateSelector + $seller and $buyer
-		$dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl'));
+		$dirtpls=array_merge($conf->modules_parts['tpl'], array('/core/tpl'));
 		foreach($dirtpls as $reldir)
 		{
 			$tpl = dol_buildpath($reldir.'/objectline_create.tpl.php');
+
 			if (empty($conf->file->strict_mode)) {
 				$res=@include $tpl;
 			} else {
@@ -4059,10 +4066,11 @@ abstract class CommonObject
 
 			// Output template part (modules that overwrite templates must declare this into descriptor)
 			// Use global variables + $dateSelector + $seller and $buyer
-			$dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl'));
+			$dirtpls=array_merge($conf->modules_parts['tpl'], array('/core/tpl'));
 			foreach($dirtpls as $reldir)
 			{
 				$tpl = dol_buildpath($reldir.'/objectline_view.tpl.php');
+
 				if (empty($conf->file->strict_mode)) {
 					$res=@include $tpl;
 				} else {
@@ -4082,10 +4090,11 @@ abstract class CommonObject
 
 			// Output template part (modules that overwrite templates must declare this into descriptor)
 			// Use global variables + $dateSelector + $seller and $buyer
-			$dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl'));
+			$dirtpls=array_merge($conf->modules_parts['tpl'], array('/core/tpl'));
 			foreach($dirtpls as $reldir)
 			{
 				$tpl = dol_buildpath($reldir.'/objectline_edit.tpl.php');
+
 				if (empty($conf->file->strict_mode)) {
 					$res=@include $tpl;
 				} else {
@@ -4278,10 +4287,11 @@ abstract class CommonObject
 
 		// Output template part (modules that overwrite templates must declare this into descriptor)
 		// Use global variables + $dateSelector + $seller and $buyer
-		$dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl'));
+		$dirtpls=array_merge($conf->modules_parts['tpl'], array('/core/tpl'));
 		foreach($dirtpls as $reldir)
 		{
 			$tpl = dol_buildpath($reldir.'/originproductline.tpl.php');
+
 			if (empty($conf->file->strict_mode)) {
 				$res=@include $tpl;
 			} else {
@@ -5953,6 +5963,12 @@ abstract class CommonObject
 			$type='link';
 			$param['options']=array($reg[1].':'.$reg[2]=>$reg[1].':'.$reg[2]);
 		}
+        elseif(preg_match('/^sellist:(.*):(.*):(.*):(.*)/i', $val['type'], $reg)) {
+            $param['options'] = array($reg[1] . ':' . $reg[2] . ':' . $reg[3] . ':' . $reg[4] => 'N');
+            $type = 'sellist';
+        }
+
+
 		$langfile=$val['langfile'];
 		$list=$val['list'];
 		$help=$val['help'];
@@ -6285,7 +6301,7 @@ abstract class CommonObject
 	 * @param 	array       $params         Optional parameters. Example: array('style'=>'class="oddeven"', 'colspan'=>$colspan)
 	 * @param 	string      $keysuffix      Suffix string to add after name and id of field (can be used to avoid duplicate names)
 	 * @param 	string      $keyprefix      Prefix string to add before name and id of field (can be used to avoid duplicate names)
-	 * @param	string		$onetrtd		All fields in same tr td
+	 * @param	string		$onetrtd		All fields in same tr td (TODO field not used ?)
 	 * @return 	string
 	 */
 	function showOptionals($extrafields, $mode='view', $params=null, $keysuffix='', $keyprefix='', $onetrtd=0)
@@ -6382,10 +6398,7 @@ abstract class CommonObject
 
 					$out .= '<tr id="'.$html_id.'" '.$csstyle.' class="'.$class.$this->element.'_extras_'.$key.'" '.$domData.' >';
 
-					if (! empty($conf->global->MAIN_EXTRAFIELDS_USE_TWO_COLUMS) && ($e % 2) == 0)
-					{
-						if (! empty($conf->global->MAIN_EXTRAFIELDS_USE_TWO_COLUMS) && ($e % 2) == 0) { $colspan='0'; }
-					}
+					if (! empty($conf->global->MAIN_EXTRAFIELDS_USE_TWO_COLUMS) && ($e % 2) == 0) { $colspan='0'; }
 
 					if ($action == 'selectlines') { $colspan++; }
 
@@ -6442,7 +6455,7 @@ abstract class CommonObject
 				    jQuery(document).ready(function() {
 				    	function showOptions(child_list, parent_list)
 				    	{
-				    		var val = $("select[name=\"options_"+parent_list+"\"]").val();
+				    		var val = $("select[name=\""+parent_list+"\"]").val();
 				    		var parentVal = parent_list + ":" + val;
 							if(val > 0) {
 					    		$("select[name=\""+child_list+"\"] option[parent]").hide();

htdocs/core/class/conf.class.php

@@ -615,6 +615,10 @@ class Conf
 		    $this->expensereport->payment		= new stdClass();
 		    $this->expensereport->payment->warning_delay=(isset($this->global->MAIN_DELAY_EXPENSEREPORTS_TO_PAY)?$this->global->MAIN_DELAY_EXPENSEREPORTS_TO_PAY:0)*24*60*60;
 		}
+        if (isset($this->holiday)) {
+            $this->holiday->approve = new stdClass();
+            $this->holiday->approve->warning_delay=(isset($this->global->MAIN_DELAY_HOLIDAYS)?$this->global->MAIN_DELAY_HOLIDAYS:0)*24*60*60;
+        }
 
 		if (! empty($this->global->PRODUIT_MULTIPRICES) && empty($this->global->PRODUIT_MULTIPRICES_LIMIT))
 		{

htdocs/core/class/discount.class.php

@@ -133,7 +133,7 @@ class DiscountAbsolute
         $sql.= " FROM ".MAIN_DB_PREFIX."societe_remise_except as sr";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."facture as f ON sr.fk_facture_source = f.rowid";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fsup ON sr.fk_invoice_supplier_source = fsup.rowid";
-        $sql.= " WHERE sr.entity = " . $conf->entity;
+	$sql.= " WHERE sr.entity IN (".getEntity('invoice').")";
         if ($rowid) $sql.= " AND sr.rowid=".$rowid;
         if ($fk_facture_source) $sql.= " AND sr.fk_facture_source=".$fk_facture_source;
         if ($fk_invoice_supplier_source) $sql.= " AND sr.fk_invoice_supplier_source=".$fk_invoice_supplier_source;
@@ -614,6 +614,49 @@ class DiscountAbsolute
             return -1;
         }
     }
+    /**
+     *    	Return amount (with tax) of all converted amount for this credit note
+     *
+     *	@param		CommonInvoice	  $invoice	    	Object invoice
+	 *	@param		int			      $multicurrency	Return multicurrency_amount instead of amount
+     *	@return		int					        		<0 if KO, Sum of credit notes and deposits amount otherwise
+     */
+    function getSumFromThisCreditNotesNotUsed($invoice, $multicurrency=0)
+    {
+        dol_syslog(get_class($this)."::getSumCreditNotesUsed", LOG_DEBUG);
+
+        if ($invoice->element == 'facture' || $invoice->element == 'invoice')
+        {
+            $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
+            $sql.= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc';
+            $sql.= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.$invoice->id;
+        }
+        else if ($invoice->element == 'invoice_supplier')
+        {
+            $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
+            $sql.= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc';
+            $sql.= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.$invoice->id;
+        }
+        else
+        {
+            $this->error=get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter";
+            dol_print_error($this->error);
+            return -1;
+        }
+
+        $resql=$this->db->query($sql);
+        if ($resql)
+        {
+            $obj = $this->db->fetch_object($resql);
+            if ($multicurrency) return $obj->multicurrency_amount;
+			else return $obj->amount;
+        }
+        else
+        {
+            $this->error = $this->db->lasterror();
+            return -1;
+        }
+    }
 
     /**
      *	Return clickable ref of object (with picto or not)

htdocs/core/class/doleditor.class.php

@@ -177,7 +177,7 @@ class DolEditor
             $out.= $this->content;
             $out.= '</textarea>';
 
-            if ($this->tool == 'ckeditor' && ! empty($conf->use_javascript_ajax))
+            if ($this->tool == 'ckeditor' && ! empty($conf->use_javascript_ajax) && ! empty($conf->fckeditor->enabled))
             {
             	if (! defined('REQUIRE_CKEDITOR')) define('REQUIRE_CKEDITOR','1');
 

htdocs/core/class/extrafields.class.php

@@ -1224,13 +1224,14 @@ class ExtraFields
 
 						if ($value == $obj->rowid)
 						{
-							foreach ($fields_label as $field_toshow)
-							{
-								$translabel=$langs->trans($obj->$field_toshow);
-								if ($translabel!=$obj->$field_toshow) {
-									$labeltoshow=dol_trunc($translabel,18).' ';
-								}else {
-									$labeltoshow=dol_trunc($obj->$field_toshow,18).' ';
+							if (! $notrans) {
+								foreach ($fields_label as $field_toshow) {
+									$translabel = $langs->trans($obj->$field_toshow);
+									if ($translabel != $obj->$field_toshow) {
+										$labeltoshow = dol_trunc($translabel, 18) . ' ';
+									} else {
+										$labeltoshow = dol_trunc($obj->$field_toshow, 18) . ' ';
+									}
 								}
 							}
 							$out.='<option value="'.$obj->rowid.'" selected>'.$labeltoshow.'</option>';
@@ -1860,7 +1861,7 @@ class ExtraFields
 	function setOptionalsFromPost($extralabels, &$object, $onlykey='')
 	{
 		global $_POST, $langs;
-		$nofillrequired='';// For error when required field left blank
+		$nofillrequired=0;// For error when required field left blank
 		$error_field_required = array();
 
 		if (is_array($this->attributes[$object->table_element]['label'])) $extralabels=$this->attributes[$object->table_element]['label'];
@@ -1891,15 +1892,15 @@ class ExtraFields
 				if ($this->attributes[$object->table_element]['required'][$key])	// Value is required
 				{
 					// Check if empty without using GETPOST, value can be alpha, int, array, etc...
-					if ((! is_array($_POST["options_".$key]) && empty($_POST["options_".$key]) && $_POST["options_".$key] != '0')
-						|| (is_array($_POST["options_".$key]) && empty($_POST["options_".$key])))
+				    if ((! is_array($_POST["options_".$key]) && empty($_POST["options_".$key]) && $this->attributes[$object->table_element]['type'][$key] != 'select' && $_POST["options_".$key] != '0')
+				        || (! is_array($_POST["options_".$key]) && empty($_POST["options_".$key]) && $this->attributes[$object->table_element]['type'][$key] == 'select')
+				        || (is_array($_POST["options_".$key]) && empty($_POST["options_".$key])))
 					{
 						//print 'ccc'.$value.'-'.$this->attributes[$object->table_element]['required'][$key];
 						$nofillrequired++;
 						$error_field_required[] = $langs->transnoentitiesnoconv($value);
 					}
 				}
-
 				if (in_array($key_type,array('date')))
 				{
 					// Clean parameters

htdocs/core/class/html.form.class.php

@@ -152,7 +152,7 @@ class Form
 	 * @param	string	$value			Value to show/edit
 	 * @param	object	$object			Object
 	 * @param	boolean	$perm			Permission to allow button to edit parameter
-	 * @param	string	$typeofdata		Type of data ('string' by default, 'email', 'amount:99', 'numeric:99', 'text' or 'textarea:rows:cols%', 'datepicker' ('day' do not work, don't know why), 'dayhour' or 'datepickerhour', 'ckeditor:dolibarr_zzz:width:height:savemethod:toolbarstartexpanded:rows:cols', 'select:xxx'...)
+	 * @param	string	$typeofdata		Type of data ('string' by default, 'email', 'amount:99', 'numeric:99', 'text' or 'textarea:rows:cols%', 'datepicker' ('day' do not work, don't know why), 'dayhour' or 'datepickerhour', 'ckeditor:dolibarr_zzz:width:height:savemethod:toolbarstartexpanded:rows:cols', 'select;xkey:xval,ykey:yval,...')
 	 * @param	string	$editvalue		When in edit mode, use this value as $value instead of value (for example, you can provide here a formated price instead of value). Use '' to use same than $value
 	 * @param	object	$extObject		External object
 	 * @param	mixed	$custommsg		String or Array of custom messages : eg array('success' => 'MyMessage', 'error' => 'MyMessage')
@@ -172,7 +172,7 @@ class Form
 		if (empty($typeofdata)) return 'ErrorBadParameter';
 
 		// When option to edit inline is activated
-		if (! empty($conf->global->MAIN_USE_JQUERY_JEDITABLE) && ! preg_match('/^select;|datehourpicker/',$typeofdata)) // TODO add jquery timepicker
+		if (! empty($conf->global->MAIN_USE_JQUERY_JEDITABLE) && ! preg_match('/^select;|datehourpicker/',$typeofdata)) // TODO add jquery timepicker and support select
 		{
 			$ret.=$this->editInPlace($object, $value, $htmlname, $perm, $typeofdata, $editvalue, $extObject, $custommsg);
 		}
@@ -229,7 +229,8 @@ class Form
 					 foreach($arraydata as $val)
 					 {
 						 $tmp=explode(':',$val);
-						 $arraylist[$tmp[0]]=$tmp[1];
+						 $tmpkey=str_replace('|', ':', $tmp[0]);
+						 $arraylist[$tmpkey]=$tmp[1];
 					 }
 					 $ret.=$this->selectarray($htmlname,$arraylist,$value);
 				}
@@ -298,7 +299,7 @@ class Form
 	 * @param	string	$value			Value to show/edit
 	 * @param	string	$htmlname		DIV ID (field name)
 	 * @param	int		$condition		Condition to edit
-	 * @param	string	$inputType		Type of input ('string', 'numeric', 'datepicker' ('day' do not work, don't know why), 'textarea:rows:cols', 'ckeditor:dolibarr_zzz:width:height:?:1:rows:cols', 'select:xxx')
+	 * @param	string	$inputType		Type of input ('string', 'numeric', 'datepicker' ('day' do not work, don't know why), 'textarea:rows:cols', 'ckeditor:dolibarr_zzz:width:height:?:1:rows:cols', 'select:loadmethod:savemethod:buttononly')
 	 * @param	string	$editvalue		When in edit mode, use this value as $value instead of value
 	 * @param	object	$extObject		External object
 	 * @param	mixed	$custommsg		String or Array of custom messages : eg array('success' => 'MyMessage', 'error' => 'MyMessage')
@@ -572,15 +573,14 @@ class Form
 	 * Generate select HTML to choose massaction
 	 *
 	 * @param	string	$selected		Value auto selected when at least one record is selected. Not a preselected value. Use '0' by default.
-	 * @param	int		$arrayofaction	array('code'=>'label', ...). The code is the key stored into the GETPOST('massaction') when submitting action.
+	 * @param	array		$arrayofaction	array('code'=>'label', ...). The code is the key stored into the GETPOST('massaction') when submitting action.
 	 * @param   int     $alwaysvisible  1=select button always visible
-	 * @return	string					Select list
+	 * @return	string|void					Select list
 	 */
 	function selectMassAction($selected, $arrayofaction, $alwaysvisible=0)
 	{
 		global $conf,$langs,$hookmanager;
 
-		if (count($arrayofaction) == 0) return;
 
 		$disabled=0;
 		$ret='<div class="centpercent center">';
@@ -589,6 +589,8 @@ class Form
 		// Complete list with data from external modules. THe module can use $_SERVER['PHP_SELF'] to know on which page we are, or use the $parameters['currentcontext'] completed by executeHooks.
 		$parameters=array();
 		$reshook=$hookmanager->executeHooks('addMoreMassActions',$parameters);    // Note that $action and $object may have been modified by hook
+		// check if there is a mass action
+		if (count($arrayofaction) == 0 && empty($hookmanager->resPrint)) return;
 		if (empty($reshook))
 		{
 			$ret.='<option value="0"'.($disabled?' disabled="disabled"':'').'>-- '.$langs->trans("SelectAction").' --</option>';
@@ -1861,10 +1863,10 @@ class Form
 	 * 	@param		int			$forcecombo				Force to use combo box
 	 *  @param      string      $morecss                Add more css on select
 	 *  @param      int         $hidepriceinlabel       1=Hide prices in label
-	 *  @param      string      $warehouseStatus        warehouse status filter, following comma separated filter options can be used
-	 *										            'warehouseopen' = select products from open warehouses,
-	 *										            'warehouseclosed' = select products from closed warehouses,
-	 *										            'warehouseinternal' = select products from warehouses for internal correct/transfer only
+	 *  @param      string      $warehouseStatus        Warehouse status filter to count the quantity in stock. Following comma separated filter options can be used
+	 *										            'warehouseopen' = count products from open warehouses,
+	 *										            'warehouseclosed' = count products from closed warehouses,
+	 *										            'warehouseinternal' = count products from warehouses for internal correct/transfer only
 	 *  @param 		array 		$selected_combinations 	Selected combinations. Format: array([attrid] => attrval, [...])
 	 *  @return		void
 	 */
@@ -1876,7 +1878,16 @@ class Form
 		// check parameters
 		$price_level = (! empty($price_level) ? $price_level : 0);
 		if (is_null($ajaxoptions)) $ajaxoptions=array();
-		
+
+		if(strval($filtertype) === '' && (!empty($conf->product->enabled) || !empty($conf->service->enabled))){
+			if(!empty($conf->product->enabled) && empty($conf->service->enabled)){
+				$filtertype = '0';
+			}
+			elseif(empty($conf->product->enabled) && !empty($conf->service->enabled)){
+				$filtertype = '1';
+			}
+		}
+
 		if (! empty($conf->use_javascript_ajax) && ! empty($conf->global->PRODUIT_USE_SEARCH_TO_SELECT))
 		{
 			$placeholder='';
@@ -2006,10 +2017,10 @@ class Form
 	 * 	@param		int		$forcecombo		    Force to use combo box
 	 *  @param      string  $morecss            Add more css on select
 	 *  @param      int     $hidepriceinlabel   1=Hide prices in label
-	 *  @param      string  $warehouseStatus    warehouse status filter, following comma separated filter options can be used
-	 *										    'warehouseopen' = select products from open warehouses,
-	 *										    'warehouseclosed' = select products from closed warehouses,
-	 *										    'warehouseinternal' = select products from warehouses for internal correct/transfer only
+	 *  @param      string  $warehouseStatus    Warehouse status filter to group/count stock. Following comma separated filter options can be used.
+	 *										    'warehouseopen' = count products from open warehouses,
+	 *										    'warehouseclosed' = count products from closed warehouses,
+	 *										    'warehouseinternal' = count products from warehouses for internal correct/transfer only
 	 *  @return     array    				    Array of keys for json
 	 */
 	function select_produits_list($selected='',$htmlname='productid',$filtertype='',$limit=20,$price_level=0,$filterkey='',$status=1,$finished=2,$outputmode=0,$socid=0,$showempty='1',$forcecombo=0,$morecss='',$hidepriceinlabel=0, $warehouseStatus='')
@@ -2039,7 +2050,14 @@ class Form
 		}
 
 		$selectFields = " p.rowid, p.label, p.ref, p.description, p.barcode, p.fk_product_type, p.price, p.price_ttc, p.price_base_type, p.tva_tx, p.duration, p.fk_price_expression";
-		(count($warehouseStatusArray)) ? $selectFieldsGrouped = ", sum(ps.reel) as stock" : $selectFieldsGrouped = ", p.stock";
+		if (count($warehouseStatusArray))
+		{
+		    $selectFieldsGrouped = ", sum(".$db->ifsql("e.statut IS NULL", "0", "ps.reel").") as stock";           // e.statut is null if there is no record in stock
+		}
+		else
+		{
+		    $selectFieldsGrouped = ", p.stock";
+		}
 
 		$sql = "SELECT ";
 		$sql.= $selectFields . $selectFieldsGrouped;
@@ -2074,7 +2092,8 @@ class Form
 		if (count($warehouseStatusArray))
 		{
 			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps on ps.fk_product = p.rowid";
-			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."entrepot as e on ps.fk_entrepot = e.rowid";
+			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."entrepot as e on ps.fk_entrepot = e.rowid AND e.entity IN (".getEntity('stock').")";
+			$sql.= ' AND e.statut IN ('.$this->db->escape(implode(',',$warehouseStatusArray)).')';    // Return line if product is inside the selected stock. If not, an empty line will be returned so we will count 0.
 		}
 
 		// include search in supplier ref
@@ -2098,10 +2117,6 @@ class Form
 		}
 
 		$sql.= ' WHERE p.entity IN ('.getEntity('product').')';
-		if (count($warehouseStatusArray))
-		{
-			$sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.$this->db->escape(implode(',',$warehouseStatusArray)).'))';
-		}
 
 		if (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD)) {
 			$sql .= " AND pac.rowid IS NULL";
@@ -2272,7 +2287,7 @@ class Form
 	/**
 	 * constructProductListOption
 	 *
-	 * @param 	resultset	$objp			    Resultset of fetch
+	 * @param 	resource	$objp			    Resultset of fetch
 	 * @param 	string		$opt			    Option (var used for returned value in string option format)
 	 * @param 	string		$optJson		    Option (var used for returned value in json format)
 	 * @param 	int			$price_level	    Price level
@@ -5558,7 +5573,8 @@ class Form
 		if ($prefixforautocompletemode == 'societe') $prefixforautocompletemode='company';
 		$confkeyforautocompletemode=strtoupper($prefixforautocompletemode).'_USE_SEARCH_TO_SELECT';	// For example COMPANY_USE_SEARCH_TO_SELECT
 
-		$fieldstoshow='t.ref';
+		if (((float) DOL_VERSION) < 10 && $objecttmp->element == 'facture') $fieldstoshow = 't.facnumber';
+		else $fieldstoshow='t.ref';
 		if (! empty($objecttmp->fields))	// For object that declare it, it is better to use declared fields ( like societe, contact, ...)
 		{
 			$tmpfieldstoshow='';

htdocs/core/class/html.formfile.class.php

@@ -767,7 +767,7 @@ class FormFile
 					$out.= '<a class="documentdownload paddingright" href="'.$documenturl.'?modulepart='.$modulepart.'&amp;file='.urlencode($relativepath).($param?'&'.$param:'').'"';
 					$mime=dol_mimetype($relativepath,'',0);
 					if (preg_match('/text/',$mime)) $out.= ' target="_blank"';
-					$out.= ' target="_blank">';
+					$out.= '>';
 					$out.= img_mime($file["name"],$langs->trans("File").': '.$file["name"]);
 					$out.= dol_trunc($file["name"], 150);
 					$out.= '</a>'."\n";
@@ -1758,7 +1758,7 @@ class FormFile
 				print $langs->trans('Link') . ': <input type="text" name="link" value="' . $link->url . '">';
 				print '</td>';
 				print '<td>';
-				print $langs->trans('Label') . ': <input type="text" name="label" value="' . $link->label . '">';
+				print $langs->trans('Label') . ': <input type="text" name="label" value="' . dol_escape_htmltag($link->label) . '">';
 				print '</td>';
 				print '<td align="center">' . dol_print_date(dol_now(), "dayhour", "tzuser") . '</td>';
 				print '<td align="right"></td>';
@@ -1772,7 +1772,7 @@ class FormFile
 				print '<td>';
 				print img_picto('', 'object_globe').' ';
 				print '<a data-ajax="false" href="' . $link->url . '" target="_blank">';
-				print $link->label;
+				print dol_escape_htmltag($link->label);
 				print '</a>';
 				print '</td>'."\n";
 				print '<td align="right"></td>';

htdocs/core/class/html.formmail.class.php

@@ -394,6 +394,7 @@ class FormMail extends Form
 			if ($this->param['models'] != 'none')
 			{
 				$result = $this->fetchAllEMailTemplate($this->param["models"], $user, $outputlangs);
+
 				if ($result < 0)
 				{
 					setEventMessages($this->error, $this->errors, 'errors');
@@ -627,7 +628,7 @@ class FormMail extends Form
 						$out.= ' &lt;'.$this->tomail.'&gt;';
 						if ($this->withtofree)
 						{
-							$out.= '<br>'.$langs->trans("and").' <input class="minwidth200" id="sendto" name="sendto" value="'.(! is_array($this->withto) && ! is_numeric($this->withto)? (isset($_REQUEST["sendto"])?$_REQUEST["sendto"]:$this->withto) :"").'" />';
+							$out.= '<br>'.$langs->trans("and").' <input class="minwidth200" id="sendto" name="sendto" value="'.((! is_array($this->withto) && ! is_numeric($this->withto)) ? (isset($_REQUEST["sendto"])?$_REQUEST["sendto"]:$this->withto) : "").'" />';
 						}
 					}
 					else
@@ -640,7 +641,7 @@ class FormMail extends Form
 				{
 					if (! empty($this->withtofree))
 					{
-						$out.= '<input class="minwidth200" id="sendto" name="sendto" value="'.(! is_array($this->withto) && ! is_numeric($this->withto)? (isset($_REQUEST["sendto"])?$_REQUEST["sendto"]:$this->withto) :"").'" />';
+						$out.= '<input class="minwidth200" id="sendto" name="sendto" value="'.((! is_array($this->withto) && ! is_numeric($this->withto)) ? (isset($_REQUEST["sendto"])?$_REQUEST["sendto"]:$this->withto) : "").'" />';
 					}
 					if (! empty($this->withto) && is_array($this->withto))
 					{
@@ -1029,7 +1030,6 @@ class FormMail extends Form
 					$defaultmessage=preg_replace("/^(<br>)+/","",$defaultmessage);
 					$defaultmessage=preg_replace("/^\n+/","",$defaultmessage);
 				}
-
 				$out.= '<tr>';
 				$out.= '<td valign="top">';
 				$out.=$form->textwithpicto($langs->trans('MailText'), $helpforsubstitution, 1, 'help', '', 0, 2, 'substittooltipfrombody');

htdocs/core/class/html.formmargin.class.php

@@ -96,7 +96,7 @@ class FormMargin
 				$line->pa_ht = $line->subprice * (1 - ($line->remise_percent / 100));
 			}
 
-			$pv = $line->qty * $line->subprice * (1 - $line->remise_percent / 100);
+			$pv = $line->total_ht;
 			$pa_ht = ($pv < 0 ? - $line->pa_ht : $line->pa_ht);      // We choosed to have line->pa_ht always positive in database, so we guess the correct sign
 			$pa = $line->qty * $pa_ht;